Crooks Continue to Exploit GoDaddy Hole

Credit to Author: BrianKrebs| Date: Mon, 04 Feb 2019 19:12:25 +0000

Godaddy.com, the world’s largest domain name registrar, recently addressed an authentication weakness that cybercriminals were using to blast out spam through legitimate, dormant domains. But several more recent malware spam campaigns suggest GoDaddy’s fix hasn’t gone far enough, and that scammers likely still have a sizable arsenal of hijacked GoDaddy domains at their disposal.

Bomb Threat, Sextortion Spammers Abused Weakness at GoDaddy.com

Credit to Author: BrianKrebs| Date: Wed, 23 Jan 2019 02:44:28 +0000

Two of the most disruptive and widely-received spam email campaigns over the past few months — including an ongoing sextortion email scam and a bomb threat hoax that shut down dozens of schools, businesses and government buildings late last year — were made possible thanks to an authentication weakness at GoDaddy.com, the world’s largest domain name registrar, KrebsOnSecurity has learned. Perhaps more worryingly, experts warn this same weakness that let spammers hijack domains registered through GoDaddy also affects a great many other major Internet service providers, and is actively being abused to launch phishing and malware attacks which leverage dormant Web site names currently owned and controlled by some of the world’s most trusted corporate names and brands.

How Internet Savvy are Your Leaders?

Credit to Author: BrianKrebs| Date: Mon, 10 Dec 2018 20:40:05 +0000

Back in April 2015, I tweeted about receiving a letter via snail mail suggesting the search engine rankings for a domain registered in my name would suffer if I didn’t pay a bill for some kind of dubious-looking service I’d never heard of. But it wasn’t until the past week that it became clear how many organizations — including towns, cities and political campaigns — actually have fallen for this brazen scam.

Who’s Behind the Screencam Extortion Scam?

Credit to Author: BrianKrebs| Date: Sat, 25 Aug 2018 23:35:40 +0000

The sextortion email scam last month that invoked a real password used by each recipient and threatened to release embarrassing Webcam videos almost certainly was not the work of one criminal or even one group of criminals. Rather, it’s likely that additional spammers and scammers piled on with their own versions of the phishing email after noticing that some recipients were actually paying up. The truth is we may never find out who’s responsible, but it’s still fun to follow some promising early leads and see where they take us.

Notorious ‘Hijack Factory’ Shunned from Web

Credit to Author: BrianKrebs| Date: Wed, 11 Jul 2018 17:19:35 +0000

Score one for the good guys: Bitcanal, a Portuguese Web hosting firm long accused of helping spammers hijack large swaths of dormant Internet address space over the years, was summarily kicked off the Internet this week after a half-dozen of the company’s bandwidth providers chose to sever ties with the company.

Is it Time to Can the CAN-SPAM Act?

Credit to Author: BrianKrebs| Date: Sun, 02 Jul 2017 16:14:42 +0000

Regulators at the U.S. Federal Trade Commission (FTC) are asking for public comment on the effectiveness of the CAN-SPAM Act, a 14-year-old federal law that seeks to crack down on unsolicited commercial email. Judging from an unscientific survey by this author, the FTC is bound to get an earful.

Tracing Spam: Diet Pills from Beltway Bandits

Credit to Author: BrianKrebs| Date: Wed, 19 Apr 2017 18:56:10 +0000

Reading junk spam messages isn’t exactly my idea of a good time, but sometimes fun can be had when you take a moment to check who really sent the email. Here’s the simple story of how a recent spam email advertising celebrity “diet pills” was traced back to a Washington, D.C.-area defense contractor that builds tactical communications systems for the U.S. military and intelligence communities.
