Spam

Last May, long before the iPhone 4S was released, a bunch of Facebook users got tricked into spreading spam by clicking on a link attached to this headline: "First Exposure: Apple iPhone 5."

People who normally ignore all the other scams involving purported free software or naked celebrity photos clicked that fake news link and even completed a captcha on a second site, which reposted the scam to their own Facebook stream. That probably says more about how fanatical people are about Apple products than anything else. But it did raise the question--what does it take to lure … Read more

A judge has awarded Yahoo $610 million in a lawsuit against spammers who sent e-mails to people falsely telling them they had won a lottery prize from Yahoo.

The federal district court judge in New York ordered defendants, whom Yahoo did not identify, on Monday to pay Yahoo $27 million for trademark infringement, $583 million for violating the Can-Spam Act, and an unreleased sum for attorney's fees.

Yahoo filed the lawsuit in 2008, alleging that spammers were using the fake lottery e-mails to defraud people. The messages were designed to trick recipients into providing their bank and other information … Read more

Microsoft said today that a Czech Republic-based provider of free domains has agreed to pull the plug on botnet activities using his subdomains, as part of a settlement of a lawsuit the software giant filed in September to shut down the Kelihos botnet.

The suit, filed in federal court in Virginia, named Dominique Alexander Piatti and his domain company, Dotfree Group SRO, as defendants, alleging that they were involved in hosting the Kelihos botnet. Infected computers in that operation, also known as "Waledac 2.0" after a previous botnet that Microsoft shut down last year, were used to … Read more

Microsoft has put a halt to the Kelihos botnet and is accusing a Czech resident of hosting the botnet and using it to deliver spam and steal data, the company said today.

Kelihos, also known as "Waledac 2.0" after a previous botnet that Microsoft shut down last year, comprised about 41,000 infected computers worldwide and was capable of sending 3.8 billion spam e-mails per day, according to Microsoft.

The complaint filed last week in the U.S. District Court for the Eastern District of Virginia accuses Dominique Alexander Piatti, Dotfree Group SRO and John Does 1-22 of infecting victim computers with malware to create the Kelihos botnet, using it to send unregulated pharmaceutical and other spam, harvest e-mails and passwords, conduct fraudulent stock scams and, in some cases, promote sites dealing with sexual exploitation of children.

Meanwhile, subdomains were allegedly used to infect Mac computers with MacDefender scareware, according to the complaint. Piatti could not immediately be reached for comment.… Read more

Within days of Facebook rolling out new security features designed to block spam, several new social-engineering attacks were spreading that somehow managed to get by the company's antispam defenses.

The spammers have modified their handiwork so it will get past Facebook's scam detection system, company spokesman Fred Wolens told CNET today.

"There are new methods they've picked up after we put out the protections on Thursday," he said. "It's an arms race. We put out new protections and they come up with new campaigns...When we announced the new security features, they were … Read more

Facebook is launching several new security features today designed to protect users from malware and from getting their accounts hijacked.

First, the site will display warnings when users are about to be duped by clickjacking and cross-site scripting attacks in which they think they are following a link to an interesting news story or taking action to see a video and instead end up spamming their friends.

For example, a scam was circulating yesterday in which Facebook users were inadvertently commenting on what looked like a news site with details of the iPhone 5. Clicking on the link leads to … Read more

Fans of the "Twilight" movies are falling prey to a scam that can end up hijacking their accounts and sending the scam on to unsuspecting friends.

Facebook updates are circulating that look like promotions of a game related to the upcoming teen vampire movie, "Twilight Breaking Dawn," according to this Sophos blog post.

The link leads to what looks like a Facebook page with a "play now" button that when clicked surreptitiously "likes" the link and spreads it on a visitor's Facebook account.

It doesn't stop there. A dialog box … Read more

A malicious Android app that masquerades as a free version of a legitimate app steals data and sends spam text messages and a warning that chastise the user for trying to get around paying for the actual app, Symantec said today.

The app, available on several file-sharing sites in North America and Asia that are known as clearinghouses for pirated software, is called Walk and Text. That's also the name of a legitimate app--available on the Android Market for $1.53--that uses a device's camera to let people see what's in front of them as they text … Read more

People are finding charges on their mobile phone bills that they say weren't authorized, including mystery text services that appear out of nowhere and charge for content that people believed was free.

I was the victim of a scam recently in which $9.99 was charged to my cellular account for so-called "inspiration" text messages for which I definitely did not sign up. The phone, a BlackBerry on Sprint, is a second phone kept around for emergencies only and had not been used for about a month before the text messages were noticed.

I halted the service … Read more