phishing – Web hosting, Domain names, Dedicated servers Fri, 29 Jan 2016 11:05:52 +0000 en-US hourly 1 phishing – 32 32 Anti-phishing domain assurance and email authentication auditing Thu, 10 Jun 2010 12:00:41 +0000 Email art A new way of blocking unwanted emails through domain assurance and email authentication has been developed by reputation management services provider, Return Path. Until now, anti-phishing email authentication measures were far from perfect, with some businesses even afraid of not receiving wanted mail.

The new process of Domain Assurance developed by Return Path starts by auditing all email streams to determine their authentication, and then creating a domain registry where any improperly authenticated emails get blocked. Companies can get automatic notices regarding any phishing or spoofing attacks to their brands, and ISPs can better protect their clients.

The service is currently available in Beta and is being provided through partnerships with Yahoo!, Comcast, Tucows and Cloudmark. The Domain Assurance service will have its commercial launch in the third quarter of 2010.

Source | TheWhir
Photo | Flickr

Delta wins arbitration case Mon, 02 Nov 2009 17:06:21 +0000 delta airlines
Delta Airlines won a dispute over the domain at the WIPO last week. The name was originally registered by Jannie Blazek, a citizen of the Czech Republic.

The one-person arbitration panel sided with Delta, agreeing with the airline that the domain was being used in bad faith.

According to the WIPO, Blazek was using the Delta name fraudulently, claiming to sell airline tickets and collecting credit card numbers in the process. He also failed to respond when the dispute was filed by Delta.

Sounds like an open-and-shut case to me.

Photo | LeeA

Ban on the Word "Bank" in .SE Domains Mon, 31 Aug 2009 20:20:35 +0000 Swedish money
The Swedish Post and Telecom Agency (PTS) has banned the use of the word “bank” in any .SE domains, except for those companies granted permission to use it. Furthermore, any combination of the letters b,a,n, and k are apparently also banned. Presumably, permission will be granted to those organizations which are actually banks. The question that one must ask is whether or not a website that lists banks in a directory or happens to have the word bank in the company’s name will still be allowed to register * domains.

They are insisting that the restrictions be implemented at the time of registration so that anyone who attempts to register a .SE domain with the word “bank” in it will simply be denied. I can only guess that those with legitimate cause for using such a domain would have to jump through hoops to get approved. This outlines a problem that plagues organizations trying to crack down on fraudulent activities with unreasonably harsh restrictions. The only ones who get inconvenienced are the honest customers.

PTS argues that they are protecting people from financial fraud (such as phishing) by restricting who can use the word “bank”. In reality, all they are doing is making it more difficult for real banks to register domains. Those who wish to steal identities and financial information will simply find other means. PTS’ approach only addresses the symptoms rather than offering a cure.

Source: CircleID
Photo: Flickr

One Search for Jessica Biel Could Be Your Last Wed, 26 Aug 2009 13:20:40 +0000 Jessica Biel
You had a long day at work and just want to unwind. How harmless would it be to do a quick search for some hot pictures of a famous actress? On one particular night, you decide to search for Jessica Biel. All appears to go well, but a few days later, your computer is slowing down, acting kind of funny. You might well have been infected with spyware, malware, viruses, or adware.

McAfee’s annual survey revealed that Biel had surpassed Paris Hilton and Brad Pitt as the riskiest celebrity to search for. People looking for pictures, wallpapers, screensavers, and videos often encounter websites phishing schemes, spyware, and viruses. Nearly half of all websites claiming to have Jessica Biel screensavers are malicious.

“Cybercriminals are star watchers too—they latch onto popular celebrities to encourage the download of malicious software in disguise,” McAfee Avert Labs VP Jeff Green said in a statement.

Malware can be particularly dangerous because attackers often use someone’s computer to attack other computers or servers without their knowledge. Such computers can remain infected for long periods of time without any visible symptoms. They can also be used to steal private financial information from an unsuspecting user. While there is software that can scan your computer and warn you of potential dangers, the best defense is to only visit websites you trust.

Source: Ars Technica
Photo: Flickr

Latvian Hosting Company Shut Down After Botnet Thu, 06 Aug 2009 12:24:21 +0000 Authentication required password
The infamous botnet named Zeus has been called the world’s biggest cybercrime botnet. It infected 3.6 million PCs that were used the computers to launch phishing attacks, stealing credit card and banking information all over the world.

The botnet was linked to Rock Phish, a Russian gang. After an investigation, authorities traced the malware to its source: a web hosting company in Latvia called Real Host. Now, the Swedish service provider Telia Sonera, which provided service to Real Host, has shut down their Internet connections. There was no report about what legal action will be taken on the owners of the company.

Malware has become an underground leg of the software industry. Gangs like Rock Phish can purchase botnets like Zeus for about $1000 on the black market. It does not take them long to make up the difference when they can launch attacks on millions of computers, stealing hundreds or even thousands of credit card numbers and banking information.

Photo: Flickr

The Internet is big, really big Thu, 30 Jul 2009 15:09:29 +0000 Homer staring at a big laptop
According to new Internet data, there are now more websites than people in the world — over 1 trillion. With such large numbers, there are 150 domains per person, and it would take 31,000 to read all of them, even if you spent only one minute on each and never slept. Still, just 1.46 billion out of 6 billion people in the world use the Internet, meaning it would take a long time even for all of them combined to see all websites.

China leads the list with 338 million users, with the US trailing at 227 million. Japan, India, and Brazil round out the top five. The UK is a bit lower with 48 million users, reflective of its smaller population. The interestingly neglected part of this data and most raw data like it, is that there is no analysis of the website content.

Of the 1 trillion websites out there, how many are made up of malware, spam harvestors, phishing, fraud, schemes, ad portals, parked domains, and cybersquatting? Furthermore, of the sites that are none of the above mentioned, how many are actually useful and worth visiting? While it may be the job of Google and Bing to index legitimate sites, it will be up to someone else to catalog and evaluate them. As the Internet continues to grow, so does the need for some time of organization.

Photo: Flickr

Argentina creates extension for banks Thu, 23 Jul 2009 17:34:35 +0000 buenos aires argentina
In an effort to cut down on Internet fraud and scams, especially phishing, the Argentine government has joined forces with banks to create the domain extension.

By only allowing financial institutions to register a name, bank customers can easily tell if a suspect website is legitimate or not. The extension will be administered by NIC Argentina, an entity responsible for the country’s domains governed by the Ministry of Exterior Affairs and Culture.

The idea for the name came from a similar project, the extension for tourism sites. The creation of comes at at time when Latin American domains are being registered at record rates. This year alone registrations in the region have grown by 10%. The .ar domain saw the second-highest growth with 21,892 registrations in June.

Source |

What's in a password? Thu, 16 Jul 2009 15:45:17 +0000 password authentication
Phishing is on the rise, and with more services moving online, web fraud is a serious concern. Most people are pretty confident that their passwords are safe from cybercrime, but are they really? For your Twitter account, maybe you are not that concerned if your password is your daughter’s name, but when it comes to your website, possibly your source of income, you might want to consider something a little more sophisticated.

Identity thieves and other cyber criminals typical have password sniffing software and a lot of practice guessing passwords of people they want to exploit. There are a few easy steps you can take to make sure your password is rock solid. First, make sure you use a combination of letters and numbers. Using all of one or the other just makes it easier to hack. You can also consider using mixed case letters. Next, make sure that you avoid common words or number combinations. It should look totally random, even if it is not.

Finally, you should consider rotating your password, trying different combinations. If you have used the same password for the past two years, you could be asking for trouble. There are a plethora of password generators on the web and for PCs that can make the process a little easier. Some of them will check the strength of your passwords. This feature is also built into many operating systems like Linux. Knowing your password is safe makes your job and your web host’s job a lot easier.

Phishers have new tools Tue, 09 Jun 2009 13:21:36 +0000 Facebook login unavailable
According to two reports released by the security company Symantec, phishers and spammers are coming up with new ways to attack their victims. In the past they almost exclusively relied on forged emails and web sites. Now, social networking sites like Twitter and Facebook can be added to their lists of targets.

“It is important that end users are educated and it is important that IT managers take measures against attacks,” said Dermot Harnett, Symantec’s senior director of anti-spam engineering and a co-author of the State of Spam and State of Phishing monthly reports.

“There are products — not just Symantec’s — that managers can use. It is important that we as a community protect ourselves,” Harnett told

The attackers often use forged emails to initially gain access to an unsuspecting user’s Facebook account, but once they are in the door, they can rely solely on Facebook to spread their spam or phishing scheme. They try to acquire private information until they have enough to get what they are really after: money. Their ultimate goal is still to get bank account information and credit card numbers. Phishers also target free web hosting services where they can quickly setup sites anonymously.

Photo: Flickr

Symantec Releases MessageLabs Intelligence Report Tue, 26 May 2009 18:17:46 +0000 Computer security giant Symantec announced the release of its May 2009 MessageLabs Intelligence Report. Covering a wide variety of Internet threats, the report details some disturbing new trends.

Most notably, spam has increased by 5.1% since April. It now accounts for 90.4% of email. Where you live depends on what time of day you receive spam. American spam activity peaks between 9-10 AM, while Europeans get a steady spewing of unwanted email all day. Asians get their spam in the wee hours of the morning.

Interestingly, there’s been a trend for spammers not to write long emails, but just include a message title and link. If more spam is being sent out, at least no one is having War and Peace delivered to their inbox each day.

Spam originates in equal amounts from all parts of the globe, but most is sent out to coincide with American working hours. Over half of it comes from botnets, a collection of thousands of “zombie” computers compromised by malware. To botnets alone, codenamed Donbot and Rustock, account for 18.2% and 16.1% of spam respectively.

The report debunked the myth that malicious content is only found on newer, less reputable websites. Data collected earlier this month by Symantec reveals that 84.6% of domains hosting malware are over a year old. These are mostly social networking sites or hacked domains. Cyber criminals are targeting legitimate domains for their reputation.

The United Kingdom is the third most-spammed country, where 90.3% of email is spam. Hong Kong was number-one with 92.3%

On average, 1 in 317.8 emails contain a virus. The UK seems to get more viruses- 1 in 199.8 emails carry one. In the United States, the threat is more than 50% less ,with only 1 out of 473.4 emails being infected. Finally, 1 out of every 279.0 emails was found to play host to a phishing attack.

The report’s findings will be very useful to developers and IT professionals. If spam filter designers know that most spam goes out between 9-10 AM, for example, they can code their software to be extra vigilant during that time of the day. Because more established website are being attacked than ever before, webmasters need to pay more attention to security.

The full report can be downloaded here (PDF). The information was collected by observing live data feeds from 14 datacenters around the world. Billions of email messages and webpages were scanned.