Wandering Thoughts archives

2008-04-09

Why there's a bunch of spam from university webmail systems right now

You may have noticed that as of late there's a bunch of spam (usually advance fee fraud spam) coming from various university webmail systems. (When it has real IP origin information, it is often from the usual suspects.)

Until now, I thought that this was because spammers had worked out how to compromise webmail systems. It turns out that it is worse than that; phishers are specifically targeting universities. And these are not your run-of-the-mill, ordinary phish attacks, where you get email about your account at a bank you don't use in a country you don't live in. I'll quote (with permission) from Alex Nishri:

Since January there have been a series of attacks targeting Universities with custom phishing messages designed to steal userids and passwords. Once people respond with their userid and password, the phishers log on to the target University's webmail system and send out thousands of spam and phishing attack messages. Many Universities have been hit dozens of times.

The message content has been getting more and more customized. For example, it frequently uses the names of real people (e.g. apparently coming from the CIO or someone who heads a particular IT service), and copies the style of real broadcast messages. A common recent ploy is to say, "... although <university name> would not normally ask for passwords by e-mail, we have made a one-time exception to this policy in order to verify with certainty the identity of users ..."

Compromised accounts have been used for spam, and also probably have been resold for things like access to our library system's university-only online collection. The attacks have been very successful; such a phish message might go to 2000 people, and about 20 to 30 reply.

(I don't know about you, but a 1% success rate scares the heck out of me.)

There's a bunch of unpleasant implications of this. For me, the biggest one is that spammers have clearly determined that there is money to be made in these particular hills. (Actual money generally makes spammers especially ingenious and tenacious.)

UniversityWebmailSpam written at 23:35:47

2008-04-03

Google Mail has a spam problem

Actually, Google Mail has had a spam problem for a while now. Their oldest problem is advance fee fraud spammers; GMail has been playing host to a revolving cast of them starting roughly from when it first became reasonably easy to obtain a GMail account. Given that 419 spam is hard to detect automatically this isn't too surprising, but still.

Recently it's gotten worse, possibly because automation may have become much better at creating GMail accounts. I'm seeing recognizable repeat spammers, with more or less the same message (and certainly shilling the same websites, because that's what I'm blocking on); if I can recognize these spammers, GMail certainly ought to be able to do so too. I believe I've even seen a phish spam through GMail.

(A remarkably bad phish spam, but still.)

I feel that GMail's spam problem is exacerbated by a number of issues:

  • GMail completely omits the sender's IP address. If GMail did a good job of stopping spam I would call this a commendable step to preserve user privacy; since GMail does not, I want that information in order to do my own filtering, and I now have no confidence that GMail is actually stopping well-known persistent spam sources.

  • GMail (and Google as a whole) has never seemed to take spam from itself, or even the possibility of spam from itself, very seriously. Part of this is that I have a decided memory (possibly inaccurate) that GMail basically had no abuse team and no useful abuse reporting system when it started.

    (Even now various portions of the Google empire are infamous for not responding to spam reports. Good luck getting Google Groups to deal with any of their numerous Usenet spammers, for example.)

  • GMail has made itself far too important to block. This leads to unpleasant speculation about whether GMail is deliberately trading on this fact in order to get away with a too-small abuse handling system.

The very opaqueness of Google and GMail makes the whole situation worse and makes it impossible to judge them on anything except results. And the results are not good; these days, I think I am running at least a ten to one ratio on spam from GMail versus real mail from GMail. This does not please me.

GMailSpamProblem written at 23:14:31

