The Internet Patrol » Spam

The “Use Your Human Sexual Response Mechanism” to Save the Gulf Chain Email

The Internet Patrol — Thu, 24 Jun 2010 20:30:32 +0000

Sometimes I get a spam (in this case a chain letter email) that just makes me say “WTF?” So it was with this chain email that I received not once, but twice from the same sender, with the intriguing subject of “a way we can help the Gulf — please please please read!!”. The basic idea is that if we all focus our energy on envisioning the Gulf being healed, we can make it happen. Now, I’ve read The Secret, and I believe in the power of positive thinking and the law of attraction as much as the next guy (make of that what you will). But the whole “focusing your human sexual response mechanism” on the problem propels this into a whole new realm, (and makes their plea that “if we all come together we can make miracles” all the more interesting). So, here is the email - because, I figured others would enjoy reading it and saying “WTF” along with me. Oh, note the call to please spam this out to everyone you know (er..don’t do it!). I always love when someone spams an anti-spam lawyer, don’t you?

By the way, the email also spams the URL http://tinyurl.com/come2gether, which resolves to http://letsdoandsaywedid.blogspot.com, and which features “A Call to Sacrificial Duty”. Interesting.

Here’s the email.

Please give the following some consideration.

If you can, please re-mail it to every address you can get your hands on.

Above all, make a little time, it doesn’t need to be elaborate: the only necessary action suggested is the main one.

The Short Version:

Obtain an image of the Gulf of Mexico. A globe is best; a two dimensional one will do (print out this email or google it).. A sketch will do, no matter how rough.

Make sure that you will not be disturbed. Unplug the phone, turn off the cell, etc.

Calm and center yourself.

Imagine remembering having learned the news that oil was no longer gushing into the gulf. Remembering having learned that sane measures — ones that would actually be effective — were being undertaken to right all that has gone so horribly wrong since the 20th of April. Imagine remembering how you felt. Imagine how you felt having gotten this news — imagine it in great detail.

Achieve a moment that you experience outside of time and space. The easiest way to do this makes use of the human sexual response mechanism. There are other ways. If you choose this way remember that you can think about whatever you want to as long as you have completed the step before to your satisfaction.

Create a link between that moment and your image. The most common way to achieve such a moment naturally results in the generation of something tangible (such as a fluid, however slight). If you chose such a method, bring into contact with the image. If you did not, if you chose instead, for instance, to hyperventilate or spin until you succumb to vertigo or hold your breath, etc., make sure you are holding the image in your dominant hand during this process.

Place this image or its facsimile in a place where as many people can see it as possible. If you reply to this message with a scan of it I will put it with others like it up on the web and send you a link.

Have a nice day. Thank you.

The Long Version:

If we all dedicated just one of those special, private moments that almost all of us regularly experience…

From a magickal perspective, the result would be breathtaking. Miraculous. And — not a moment too soon.

If you are a sceptic — what could it hurt? You’re going to do it anyway, and you probably weren’t going to dedicate it at all.

If not – why not? The part where you create a physical symbolic link – you can leave that part out, if its too difficult or weird for you. And you don’t have to tell anyone that you actually did it.

You could forward this email purely as a curiosity.

I read about this idea most recently on Twitter. It is an excellent way to focus our healing or miracle energies, initialize them if you will, and heal the Gulf of Mexico. Its an idea which I know from personal experience would probably work. So much so that I had to write this letter. The situation is too serious. We have to try everything. And this is something surely most of us can do.

I hope this isn’t too weird an idea for the more straight-laced among you. It’s based on methodologies that are tried and true. Research them for yourself. You can use the search terms “sex magick” and “talisman” and “sigil” and “visualization” to get you started.

Or take my word for it (although maybe you don’t know me, and I just got your address in the course of years of lists and ads &c). Since i bet it would work, since the theory works with other things too, and since this situation is as bad as it is, I am telling everyone (and i mean everyone) – anyone – any way I can. Please, please, pass the idea on. Tell people,forward the email, repost the tweet, repost the video, photocopy the flyer, whatever. Please.

If this idea offends your sensibilities, hey, my apologies. Thank you for your time. Please do whatever it is you do in your world to most effectively help the situation. Please. In my opinion, as long as you have enough to eat and you are not otherwise in immediate physical danger, there really isn’t anything you have on your agenda more important than halting and reversing this catastrophe in the Gulf of Mexico. So, please, however you pray, pray. And have a nice day.

If you don’t already know how magick works — that is, if you don’t “believe” in magick – here’s you’re chance to have a little fun. Treat this like a game, or better yet, like the scientific experiment that it is. If you were going to do everything by the book, I would say, keep a record, a journal entry before you begin: briefly note the time, date, where you are, what you had to eat, what you are wearing — who is with you — etc. Of course you may have to put this in some sort of code, if you have reason to think what you are about to do offends anybody.

Keep a record, and keep it bounded it time — or it could devolve into superstition. Superstition is doing a symbolic gesture without understanding it. Don’t do that. That’s like allowing the ads on tv to control your actions. That’s bad. It the very least, that is ineffective and inexact.

But I digress. The more detailed version of the idea goes like this:

Do the following, at least once. Do it more than once if you can. Do it once a day if you want. If you want a specific time, how about 9:56 in the evening (that’s when Wikipedia says the Deepwater Horizon Wellhead explosion occurred).

Clear your mind.

Be facing the gulf if possible, sitting or lying down or whatever.

Visualize how you feel (how you will have felt) with the objective accomplished. You don’t have to know how it got that way — only that it did. Not how you might feel, not how it could be or even how it will be – feel how it IS — to know that your objective has already happened…

One more thing — it helps to make a symbolic representation. Not a description, like these words, or the sound of these words, but something more direct, more unmediated. Your own personal doodle of some kind. The post on Twitter said get a globe or other modern map of Earth. I suppose a two dimensional representation would do as well. Keep it on display in your home or at work – where everyone can see the part that corresponds to the Gulf, the part that you know been written on, as it were, with your very own extra-special super-duper extra-heavy-duty Secret Formula Magick Wish Sauce…

Don’t worry if your mind wanders while you are generating this. Once you have even if only for a moment felt how it feels with your objective already accomplished, it is OK to let your mind wander to more frivolous things, even sexually arousing things. The symbolic representation is keeping your place for you. Have fun. Make it a good one. Before you know it you will have all you need. The link is a toggle, either you make it or you don’t, so don’t worry about the amount. The barest minimum is as much a link as buckets.

Apply some to your representation. If you are using a globe, anoint the Gulf of Mexico. I know for some of you that’s the weird part — like I said, it is optional, though very strongly advised. It’s also the part that made me think this could work. You can research the subject on your own: I think you will agree.

Make sure to keep it in a prominent place when its not – in use….

That’s it. That’s all! Nothing to it, huh? Wait and see….

PLEASE REPOST RE-TWEET REMAIL SHARE ETC.

If we all come together, we can work miracles.

Have a nice day.

http://tinyurl.com/come2gether

Come together
right now
for the Sea

Don’t Be Taken in by this Fake Amazon Order Phishing Scam!

The Internet Patrol — Wed, 23 Jun 2010 19:07:16 +0000

Did you get an email from Amazon telling you about an order that you don’t remember ordering? That’s probably because you didn’t - it’s a phishing scam! Don’t fall for it! The “Your Amazon.com Order” email, which purportedly comes from “digital-no-reply at amazon dot com” actually is an effort to get you to point your web browser to BookSalon.kr (the actual phishing URL is http://booksalon.kr/index2.html).

Here’s what the email looks like - innocent enough, right?

And here’s how it reads:

From: “Amazon.com”
Subject: Your Amazon.com Order (D23-4202635-4270272)

Thanks for your order, [you at youremail dot com]

Did you know you can view and edit your orders online, 24 hours a day? Visit Your Account.

Order Information:

E-mail Address: [you at youremail dot com]
Order Grand Total: $ 70.99

Earn 3% rewards on your Amazon.com orders with the Amazon Visa Card. Learn More

Order Summary:
Details:
Order #: D33-1070271-8770019
Subtotal of items: $ 75.99
——
Total before tax: $ 31.99
Sales Tax: $ 0.00
——
Total for this Order: $ 18.99

The following item was ordered:
Click here and see items, Price: $ 61.99
By: Click here
Sold by: Amazon Digital Services, Inc.

The charge for this order will appear on your credit card statement from the merchant ‘AMZN Payment Services.’

You can review your orders in Your Account. If you’ve explored the links on that page but still have a question, please visit our online Help Department.

Please note: This e-mail was sent from a notification-only address that cannot accept incoming e-mail. Please do not reply to this message.

Thanks again for shopping with us.

Amazon.com
Earth’s Biggest Selection

But, check out what’s underneath the hood - each and every one of those links actually goes to http://www.booksalon.kr:

Remember, you can (and should) always hover your mouse cursor over a link and let your system reveal the actual destination before clicking on a link.

Did You Get an SMS Text Message from TM-GodsGift? It’s a Scam

The Internet Patrol — Mon, 26 Apr 2010 17:42:20 +0000

There is a series of SMS text message spams going around right now, from TM-GODSGIFT, that has people wondering. The messages from TM GodsGift say that you have won money - usually in the Coca Cola lottery or the Exxon Mobile draw. It’s all spam - it’s all a scam. You can ignore it - or you can report it. But whatever you do, don’t respond to a message from TM GodsGift.

The messages from TM GodsGift all say something similar - something along the lines of “Your number has won 450,000 pounds” or “You have been awarded 700,000 pounds”. Then it gives you an email address to which to reply to “claim your award” (email addresses currently going around include cocacola.claimdpt at live dot com, cocacolaclaim.file at live dot comm and exxonmobil43 at hotmail dot com).

Of course, if you reply to these scammers by email they will attempt to, well, scam you.

So, first, do not reply to these people.

Second, take what steps you can to make your cell phone harder to spam by SMS (what you can do will depend in large part on your cell provider). Third, if you choose to do so, report the spammer scammers.

You can read both how to stop SMS text spam, and how to report it, here.

Internet Service Providers (ISPs) to Start Charging Users for Processing Spam Addressed to Users

The Internet Patrol — Thu, 01 Apr 2010 13:49:11 +0000

A group of U.S.-based Internet service providers (ISPs) have announced that they are going to start charging their email users for processing the spam that is addressed to them. As the deluge of spam continues unabated, ISPs are seeking new ways to help offset the cost of processing the trillions of pieces of junk email that they are keeping out of their customers’ inboxes (or, in some cases, still delivering to their customers’ inbox or junk folder).

“Our users don’t realize that even though they are seeing a tiny fraction of the spam addressed to them, because of our spam-filtering systems, the majority of our resources are being used in dealing with the overload of spam pouring into our servers every day, and it’s nearly all addressed to our users,” said a spokesperson for Yahoo.

Although officially Google is still looking at whether to jump on board and start charging their users for processing their spam, a senior-level manager at Google was even more direct. “I think it’s a great idea, and I think that we are going to be doing it too. If email users weren’t so careless with their email addresses, we wouldn’t be in this situation. They are the ones who allowed their email address to be harvested and used by spammers. Why should we have to pay for that?”

While this will affect primarily users of the free email services such as Yahoo, Gmail and Hotmail, some ISPs are purportedly considering charging their paying email customers as well, rather than raising their existing rates across the board. “If I have kept my email address secure, and am not getting a load of spam, why should I have to pay for the processing of the thousands of pieces of spam you get because you weren’t as careful with your email address?” observed the Google engineer.

While the move to start charging users for processing their spam is currently limited to ISPs in the United States, some Internet service providers in other countries are watching closely.

“It’s an idea that makes a lot of sense, and we are watching it very closely,” said Primo d’Avril, General Manager for French ISP TeleConnect.fr.

{P.S. This article originally posted on April 1st, 2010}

The Western Union Money Transfer Scam Spam

The Internet Patrol — Tue, 16 Mar 2010 23:05:15 +0000

There is a new Western Union money transfer scam spam making the rounds. It thanks you for “using Western Union Money Transfer”, and gives you a fake confirmation receipt transaction number (”control number”) - in our case the Money Transfer Control number used was 1629752260. The spam includes an attachment that is an HTML file named something like “WU account.html” - don’t open it! UPDATE: We have now determined that this Western Union scam drops your phished information at http://logfreshcomment.comoj.com/logfortheatd.php, which is hosted by 000webhost.com

Of course, while you shouldn’t open the Western Union attachment, we here at the Internet Patrol are trained professionals, and so have done it for you.

Here’s what it looks like - don’t be taken in by it!:

Western Union - Thank you for using the Western Union Money Transfer®

Dear customer,

Thank you for using the Western Union Money Transfer®.

Your money transfer has been authorized and is now available for pick up by the receiver.

Transfers to certain destinations may be subject to further delay or additional restrictions.

TRANSACTION DETAILS:

Your Money Transfer Control Number [MTCN] is: 1629752260

Please use this number for any inquiries.

Date of Order: 16 March 2010
Amount Sent: $109,99

***********************************************************************************************
If you did not authorized this transfer you can cancel the transfer at any time
by downloading the secure form attached to your e-mail.

NOTE: This is our new security measure against unauthorized transfers made by a third party.
***********************************************************************************************

Thank you for using Western Union!

©2001 - 2010 Western Union Holdings, Inc., All Rights Reserved.

Now, if you’d been duped by this, and provided them with your credit card information and password, when you hit “submit” it actually deposits your information at:

http://logfreshcomment.comoj.com/logfortheatd.php

which is a site hosted by 000webhost.com. But because 000webhost.com provides free and easy hosting, odds are good that they had no idea they were hosting such scammers.

We hope.

How to Stop SMS Text Spam and How to Report SMS Txt Msg Spam

The Internet Patrol — Tue, 16 Mar 2010 21:17:46 +0000

If you’re being plagued by cell text message spam (cell phone spam or mobile phone spam) like this one we received from 702-541-4047 - “Do you have $20,000+ in CREDIT CARD DEBT? Our national program REDUCES it by HALF! Reply “DEBT” to see if you qualify! (cuturdebts.com-optout,reply:out)” - you’re not alone. (What does SMS stand for? Short Message Service - SMS service is a way to send short text messages directly to a cell phone). The problem is that those unwanted SMS messages that you see as cell phone spam, the sender sees as an SMS campaign. Those rude text messages - often anonymous SMS text messages - are bulk SMS messaging sent by the SMS sender as a text message advertising campaign (often facilitated by free SMS text message services that allow the SMS sender to send anonymous text messages). It’s illegal to send SMS text spam in most states, but figuring out how to go about reporting spam received on your cell phone can be tough. Here’s how to submit your spam that you receive via SMS text message to the right authorities, as well as how to stop it.

It’s important to understand one little-known ‘feature’ of SMS cell phone spam - the vast majority of it is actually sent from the Internet, spamming the email-to-cellphone text messaging gateways that nearly every cell phone carrier maintains. What this means is that your cellphone has an email address, and if people know the magic addressing formula, people can send text message via email to your cell phone. For example, if you are an AT&T customer, your cell phone’s email address is:

your-10-digit-phone-number at txt.att dot net

Similarly, if your carrier is Verizon, T-Mobile, Sprint, or Nextel, your phone’s email address is:

your-10-digit-phone-number at vtext dot com
your -10-digit-phone-number at tmomail dot net
your -10-digit-phone-number at messaging.sprintpcs dot com
your -10-digit-phone-number at messaging.nextel dot com

…respectively.

Once understanding this, you can go about defeating text message spam a couple of different ways.

You can simply block all text messaging, which is what most front-line cell phone service customer service representatives (CSRs) will suggest up front. But as more and more people have given in to text messaging as a form of instant communications with family, friends, and even colleagues, that is not always a terribly practical way to go.

But there’s another way.

At least some cell phone providers offer the option to block only text messages that come from the Internet, and as the vast majority of cell phone text message spam comes via these Internet email-to-mobile phone gateways, blocking just Internet-to-cell text messages will reduce the amount of SMS spam you receive to a tiny fraction of its former self.

Both AT&T and Verizon offer this service. At the time of this writing, Sprint and T-Mobile don’t offer a wholesale “no text messages from the Internet”, but they do offer ways to deal with text messages that originate on the Internet.

So, call your cell provider and ask them how you can stop receiving text message that are sent via the Internet. Here are the customer service numbers for the major providers in the U.S., but if you’re outside of the U.S., or have another U.S. provider, by all means you should call them and ask if they offer such a service:

AT&T Customer Service: 800-888-7600
T-Mobile Customer Service: 800-866-2453
Verizon Customer Service: 800-275-2355
Sprint Customer Service: 888-211-4727
Nextel Customer Service: 800-639-6111

Now, how to go about reporting that cell phone spam:

First and foremost, call your cell phone provider and complain, loudly, to them. And while you are doing so, ask for a credit for the text message received. Even if you don’t pay for the first X text messages you receive under your plan, ask for a credit so that the spam message doesn’t count towards X.

Next, the Federal Communications Commission (FCC) is tasked with both creating policy regarding, and policing, cell phone communications, including spam. And they have a special form online through which you can submit your SMS spam, here:

Report your cell phone spam here.

So, call your provider, file your report, and take back your phone!

Fake Amazon Cancellation Email Hides Canadian Pharmacy Spam Links

The Internet Patrol — Mon, 08 Mar 2010 21:39:05 +0000

Not content with sending fake Amazon confirmation emails, the outfit sending out the Canadian pharmacy spam is now sending out fake Amazon.com order cancellation emails, too, claiming that your Amazon order has been cancelled. “Amazon.com - Your Cancellation (0046-68878-96071)” says the email’s subject (although the “order number” may change) - but of course the link to check “ORDER INFORMATION” really takes you to a Canadian pharmacy spam site, hawking Viagra, Cialis and the like. In the example below, the fake cancellation contains links to http://www.dinnerinperu.com/quadratical, which redirects to http://weightbreezy.com, which is a Canadian pharmacy spam site.

The spam, in full, reads:

Subject: Amazon.com - Your Cancellation (0046-68878-96071)
Date: March 7, 2010 10:17:22 PM MST

Dear Customer,

Your order has been successfully canceled. For your reference, here`s a summary
of your order:

You just canceled order #427-36356-9898759

Status: CANCELED

_____________________________________________________________________

ORDER INFORMATION
Sold by: Amazon.com, LLC

_____________________________________________________________________

Because you only pay for items when we ship them to you, you won`t be charged
for any items that you cancel.

Thank you for visiting Amazon.com!

———————————————————————
Amazon.com
Earth`s Biggest Selection
http://www.amazon.com
———————————————————————

As we mentioned in our article last week about the fake Amazon.com confirmation emails, this round of spam also uses masked links that make you think that the link will take you to Amazon so you can figure out just what the heck order they are talking about. But in reality, these cloaked links take you to one of the Canadian pharmacy spam sites that are behind this spam effort.

If you are careful, you can hover over the link with your cursor, and any current browser should reveal the actual site link. As you can see in this image below, we hovered over the link, and found that the link in this Amazon.com cancellation phishing spam really goes to a page called “DinnerInPeru.com/quadratical.html” and that page, in turn, goes to the Canadian pharmacy spam site, called “weightbreezy.com/” (Spammers register hundreds of nonsense-named sites on which to host their wares, knowing that their sites will get taken down as soon as they are discovered by either the ISP or the authorities.)

As always, if you get an email that claims to be from Amazon, Paypal, eBay, or one of the other big sites, instead of clicking on the links in the email, just log into the site and go to your account. If they really are trying to reach you, there will be a notice in your account.

On Canter and Siegel and the Green Card Spam

The Internet Patrol — Tue, 02 Feb 2010 13:02:22 +0000

Now here’s a blast from the past. I was trolling Usenet recently (many of you may know it better as Google groups since Google borged Usenet), and I came across the letter to the editor that I wrote in reponse to a letter that the American Bar Association Journal had published, written by Martha Siegel (she of the Canter and Siegel Green Card Lottery Spam infamy). In the letter, Ms. Siegel attempted to justify the mass-spamming of Usenet that she and her associate had done in the name of trying to drum up business for their law firm. It was, if not the first mega-spam, certainly the most high-profile of those among the first.

For a little background, here’s what went down. Back in the mid-90s, the United States instituted a “green card lottery”, which would allow some people who were waiting to qualify for a green card (permanent resident status for immigrants) to be entered in a pool of applicants who, if chosen in the ‘lottery’, would jump to the front of the line and avoid a wait of, sometimes, years, to otherwise get their green card. As you might imagine, the Green Card Lottery became a heyday for immigration lawyers.

The law firm of Canter and Siegel (Laurence Canter and Martha Siegel) was perhaps one of the more Internet-savvy law firms back in those early days of the ‘net. They hired a programmer to write a script for them which would post an advertisement for their services for those interested in the Green Card Lottery, and post it to just about every single Usenet group (again, now known to most via Google groups) available. In all, they spammed nearly 6000 newsgroups!

The below is my response - posted to Usenet - to Ms. Siegel’s letter to the American Bar Association publication, the ABA Journal.

Date: Fri, Sep 9 1994 4:17 pm
Subject: Canter and Siegel - ptooey

The following letter to the editor of the ABA Journal, from Martha
Siegel, of Canter & Siegel, appeared in the September issue.

I am personally disgusted by this.

I would urge any of you who feel strongly about this to drop the ABA
editorial staff a line (their email address follows) and let them know
how folks really feel about this issue. My own letter is appended at the
end of this.

The ABA Editorial email address is: [redacted]

Here is Ms. Siegel’s letter, attempting to justify their mass-spamming of thousands of Usenet groups:

“Information, Please

Of the many hundres of stories that have appeared in (the
media) regarding our computer advertising activities on the Internet,
one of the most misleading and least objective appeared inthe ABA
Journal (”Lawyers’ Internet Ad Angers Users,” July, page 26). The
writer says we offended “more people than anyone thought possible”
while receiving only a few polite requests for the information we
offered.

We received more than 20,000 positive responses requesting
information. Close to 1,000 of those responding became paying
clients. The number of information requests and the number of
critical responses were about equal. Of the estimated 10 million
Internet discussion group participants, the great majority were not
sufficiently interested to register any opinion.

Clearly there are many fascinating, cutting-edge legal issues
raised by commercialization of the Internet. The article concerning
our activities could have discussed them. Instead, the writer chose
to rehash an 8-year-old Florida disciplinary matter totally irrelevant
to the subject at hand. This highly questionable editorial decision
served the serious informational needs of absolutely no one.

In sum, the article written was not fair to us. Perhaps
another, more thoughtful article is in order.

MARTHA S. SIEGEL
PHOENIX

———————————————

And here is my response:

Dear Editor,

It was not with a little disgust that I read Ms. Siegel’s letter
entitled “Information, Please” (September 1994, p. 13). As a very
active user of the Internet, personally responsible for the creation
and/or moderation of over a dozen Usenet discussion groups, I can say
unequivocally that Ms. Siegel’s assertions are patently false. A huge
percentage of regular users of the Internet were not only not “not
sufficiently concerned”, but were VERY concerned over Mr. Canter’s and
Ms. Siegel’s blatant and flagrant misuse of Internet resources.

While it MAY be true that the number of negative responses they
received did not far outnumber the number of “positive” responses,
what Ms. Siegel conveniently neglects to mention is that the negative
responses were so fast and furious in the coming, that the Internet
provider’s systems which Canter and Siegel used were crippled by the
sheer volume of complaint mail; what mail was received may be as
little as a tiny fraction of that complaint mail which was sent. What
Ms. Siegel further neglects to tell you of is the thousands of
Internet users who, rather than sending electronic complaint mail,
chose instead to discuss their oft-times vehement and angry
displeasure with Canter and Siegel’s antics on the public discussion
boards.

Many, many of us, attorney and lay-person alike, looked into
reporting them to their local bar and disciplinary authority, so
outraged were we, only to find that they were not admitted in the
state from which they posted, making the issue of discipline murky and
confused at best.

Their own Internet provider posted apologies for their actions; other
Internet providers of which I am personally aware have scrutinized
their own user contracts with Canter & Siegel to determine whether
they can close their systems to the firm.

Ms. Siegel closes her letter by complaining that your article covering
the fiasco was not fair to Canter and Siegel. I must say, coming from
a pair who seemingly thought not a wit about fairness before subjecting every
single discussion board, and every single Internet user they could
spew their ad towards, to unwanted, unsolicited, and for some, costly
advertising, I find the charge of “unfairness” ironic.

Anne P. Mitchell, Esq.
Palo Alto, California

————————–

But if you think that spamming 6000 Usenet groups and then defending it took chutzpah, you ain’t seen nothing yet!

As the ultimate audacious footnote to this, in 1997 Martha Siegel wrote a book, How To Make a Fortune on the Internet

As I always say, the frustrating thing about being a lawyer is that 95% of the lawyers out there…

…give the other 5% of us a bad name.

Project Honey Pot Reveals Where the Spammers Are and Best / Worst Countries for IT Security

The Internet Patrol — Tue, 15 Dec 2009 22:17:53 +0000

Project Honey Pot has just announced over one billion served - one billion pieces of spam served to Project Honey Pot that is - and with that milestone they have released their analysis of global spam trends and patterns, and it’s very interesting.

Project Honey Pot correctly observes that it’s actually very difficult to determine the country of residence for a spammer, however it is relatively simple to determine the country of origin of the spam itself. As they explain, “spammers’ use of bots can make their messages look like they are coming from somewhere completely different than their actual location. As a result, lists of spam origin countries tell you very little about where the spammers are actually located…. On the other hand, they can help provide insight into a country’s security policies because they give evidence on the number of bots operating within a country’s borders.”

Accordingly, Project Honey Pot has collated a list of the countries with the best IT security - and the worst. Those of you in the United States will be happy to learn that the U.S. made the top 10 for best IT security, although we came in number 6, behind the Netherlands, Australia, Belgium, Canada, and Finland (at number 1). The 10 worst countries for IT security - and thus the ten with the highest number of compromised computers that have been pwned by botnet herders and spammers, and so are being remotely controlled to send spam and other nasty things, include Brazil, Macau, Kazakhstan, Vietnam, Turkey, Macedonia, Columbia and, not surprisingly, China in first place, with South Korea at #3 (Azerbaijan has the dubious distinction of being in second place behind China for having the worst IT security).

[On another note, Internet security firm Symantec this week released their own report in which they state that 83% of all spam is sent by botnets, and that 97% of that spam is sent by a total of just 9 botnets, all of which are known and identified in the Symantec report. In fact, two-thirds of that spam comes from just four botnets: Rustock, Cutwail, Bagle and Bobax (sounds like a lawfirm, doesn't it?).]

However, Project Honey Pot has another trick up their sleeve for determining where the spammers (or at least the bot herders) are actually located - they look at where the systems that are harvesting email addresses from the web are located. Explains Project Honey Pot, “Our research indicates that, unlike the bots used to send spam, the machines used for harvesting tend to be more permanent, stable, and closely connected to the actual spammer’s location.”

Project Honey Pot asserts that the U.S. is #1 when it comes to where email address harvesters are (not a destinction of which we are proud, although we suppose one could hold this up as an example of “good” old American ingenuity. Following are Spain at #2 and, ironically given their position of fifth in the world for IT security, the Netherlands at #3. The UAE, Hong Kong, Romania, the UK, China, South Africa and Germany round out the top ten locations for email address harvesters.

Other interesting facts to come out of the Project Honey Pot analysis include that the number of bots has nearly quadrupled every single year, and that the time from when an email address is first harvested until it receives its first spam has jumped from more than 49 days in 2004 to under 22 days in 2009, with fraud and phishing spam hitting harvested addresses more quickly than so-called “product” spam (spam which is hawking a product or service).

If all this makes you feel down, take heart - with the holidays just around the corner you may be heartened to learn that, as Project Honey Pot puts it, “bad guys take vacations too,” and there is a 21% decrease in spam on Christmas, and a 32% decrease in spam on New Year’s Day (although we doubt that it’s due to New Years’ resolutions).

To read the full report, and to learn more interesting spam facts, such as the days of the week and the times of day when spam is at its highest and its lowest, read the Project Honey Pot report here.

Getting Spam from Frappr? You’re Not Alone

The Internet Patrol — Mon, 14 Dec 2009 20:34:52 +0000

We’ve seen some idiotic mailing practices in our time, but of all of the dunderheaded bulk mailing “policies” we’ve seen, this one may take the idiot-cake: “You are receiving this message about Frappr because your name and email address were submitted to a Frappr Guest Map at some point in the past 5 years.” (”Frappr” because, presumably, frapper.com is owned by a domain squatter.)

But it gets better. The very next line - the one you’ll all be looking for in order to unsub from Frappr’s mailing list (that is, if Frappr is lucky and you don’t just immediately hit “this is spam”) - says:

To be removed from the list send us a message http://www.frappr.com/?a=feedback]

Now, you might imagine that, based on both the wording of that sentence and - you know - Federal anti-spam law, that when hitting that link, you would be unsubscribed, or at least presented with an option to unsubscribe.

But you would be wrong.

Here’s where http://www.frappr.com/?a=feedback takes you:

“Surely,” you are saying to yourself “there must be an unsub option in that drop-down menu area, then, right?”

Nope:

Here’s the full text of this email that you too may receive if “your name and email address were submitted to a Frappr Guest Map at some point in the past 5 years”, so that you can, you know, block it on sight (or even before you see it):

From: thefrapprteam at frappr dot com
Subject: Save Your Frappr Map Today

Two years ago Platial released an updated version of the Frappr Guest Map. Many Frappr members welcomed the change and replaced their old maps with the new ones. But many of you have not yet switched, in fact we still have more than 400,000 Classic Guest Maps still installed and active out in the world. The time has come to talk about your options as we start to retire the old version.

1. For those of you who are loyal to the classic style map, we are offering a simple payment option. $24.99 will keep your map alive and kicking for one full year. The deadline for receipt of payment will be January 1, 2010. At that time we will stop serving the maps.

2. For those who simply want to save their map data, we just released an export tool that gives you access to all the friends and photos from your maps creating a fully offline archive in the popular KML format right on your desktop. To use the exporter just look for the links on your map page on Frappr.com.

More information about both options can be found right on the http://frappr.com homepage.

Oh yeah, plenty of retro Frappr schwag still available.
http://www.zazzle.com/frappr*

Happy Mapping!
The Frappr & Platial Team

[You are receiving this message about Frappr because your name and email address were submitted to a Frappr Guest Map at some point in the past 5 years. To be removed from the list send us a message http://www.frappr.com/?a=feedback]