Download at www.cloudmarkdesktop.com

Read the Review: http://www.pcmag.com/article2/0,2817,2367545,00.asp

The online community has voted and determined who the winners are. It was close, and the Grand Prize of the Cloudmark Desktop “Show Us Your Spam” video contest is VisionaryThe, with “Delete Spam” http://www.youtube.com/watch?v=P-yrFfEi-N8

Runners up are:

- The Worst Spam Email from Everdraed http://www.youtube.com/watch?v=QhLkTKEkOwQ
- Spaminator from Akrochmal http://www.youtube.com/watch?v=pyQ4GIL3Hm8
- Spam Police from Keshen8 http://www.youtube.com/watch?v=asMYiAG6FqU

By routing all links submitted to Twitter through this new service, we can detect, intercept, and prevent the spread of bad links across all of Twitter. Even if a bad link is already sent out in an email notification and somebody clicks on it, we’ll be able keep that user safe.

Based on information from their support pages (here and here) it seems they will use (at least in part) Google Safe Browsing. Users will see the twt.tl shortener service appearing, and it will only be on DMs (Direct Messages) and the email notifications they generate, for now.

URL shorteners work pretty much as the name might suggest, taking a long URL (which might perhaps look ugly) and converting it to a much shorter one. With the rise of Twitter and other microblogging services, the need to save the number of precious characters used has seen an explosion of URL shortener services. In fact, there is a good chance that you came to this posting via one of these services.

As Terry points out in his post, these services have a fundamental flaw since spammers can and do use them to hide the true destination of their malicious URLs. The URL that they then post out is the shortened one and since the domains used are essentially ‘good’ some domain-based filters won’t flag these URLs as spam. His post finishes with:

Now, if only we could get all of the URL shortening services to subscribe to these reputation services.

We’d like to second that comment and call on URL shortening services to take more proactive steps to identify and reduce the volume of spammy links submitted via their services. Even though it only really targets phishing and malware sites, Google has an API for their Safe Browsing service which would be a useful starting point.

Within the Security Operations Center at Cloudmark, one of the many things we keep an eye on is potential new URL shortener services. Our system takes these shortened URLs and follows them to their lengthier original state. This allows us to treat any shortened URL as if the original URL had been posted and use the reputation of that rather than the URL shortener service.

One of the big problems here, though, is the sheer number of such services that are available; you can even run your own. To give you an idea, here are some numbers:

• Total number of shortener services discovered: 707
• Total number of shortener services seen in the past week linking to spammy websites: 275
• Total number of shortened URLs seen in the past week linking to spammy websites: 5868

(‘past week’ here refers to the 7 days leading up to 30th March 2010)

So in the past week nearly 40% of the URL shortener services that we know about were abused by spammers, and of those, each was used a little over 20 times on average. These are just the services we know about! Every day we discover more, and now also have some semi-automated systems in place to detect new services before us humans do. This helps us react to new spam attacks using shortener services much quicker.

We’d love to hear from any URL shortener service that does take abuse of their service seriously and takes proactive steps to identify and remove spammy links from their service.

Cloudmark is pleased to be working with the GSMA in this initiative and will be doing analysis on the spam messages forwarded to generate reports for the GSMA to pass on to the operators, so they have a clear view on the spam entering & leaving their networks. This will enable the mobile operators to take informed policy decisions to stop this abuse and to implement targeted in-network content control solutions.

Many people in the Western world will not have seen much spam on their phones via SMS yet but it is out there (I have had a handful already this year in the UK and our own research 2 years ago shows that even then 66% of people have received some) and in Asia it is already a big problem due to the much cheaper cost of sending SMS. And the costs in Europe and North America are only going one way, down.

The rapid adoption of smartphones, the users inherent trust of their mobile device along with the shrinking costs of sending SMS messages makes the economics of sending spam, phishing and viruses (as URLs in the SMS message which host malware to run on the smartphone) more attractive every day.

This policy, if implemented, would have multiple consequences, both positive and negative. Cloudmark would like to hear from our readers regarding their opinion of this possible change – please feel free to use the comments section below to let us know how you feel about it.

Emails with the subject “You are in a higher tax bracket”, from “Tax Commisar”, have been making the rounds for the last 20 hours or so. After reminding you that the US uses a progressive income tax, you’re told that you’re making more money than last year, and that you should review your annual tax report. The included link takes you to a double threat – the page itself tells you that you need a new Flash player, and it will attempt to automatically download (and run) a PDF file. The “Flash updater” is an installer for the Zeus bot, and the PDF file takes advantages of some known vulnerabilities in unpatched Adobe Acrobat versions to take control of your machine if the Flash updater doesn’t get it first.

Make sure you’ve grabbed the last Acrobat updates from Adobe, along with all of the other security patches that you should be keeping on top of. Malefactors have been using Acrobat as an abuse vector for a while, and it’s just getting worse.

There are a lot of email and SMS messages flying around over the last few days containing text like this (payload website name removed):

Hey, Obama's giving Gov Grants to help families in your area to stimulate the economy. Check it out, SCAMWEBSITE.com, don't miss out. It won't last long!

The payload websites try to look legitimate, with “As seen on CNBC, MSNBC, and CNN” logos everywhere, fake comments (with additional commenting “disabled due to spam”), and testimonials from people who claim this actually worked for them. These sites direct you to another site, liberally sprinkled with American flags and logos of the major news networks, which asks you for your contact information and a credit card, from which they will charge you a $1.95 shipping fee to send you an information packet. Hidden in the terms and conditions, however, you’ll find that this $1.95 only covers your “one-day trial period”, and that they’re going to bill you approximately $60/month until you cancel. You can read more about this, including a large number of archived complaints about this scam, at complaintboard.com.

Remember – if it seems to good to be true, it probably is. Careful reading of terms and conditions, along with research and a healthy dose of skepticism, can help keep you from being a victim.

Subject lines include:

• AIM critical update
• Your AOL Instant Messenger will be deleted
• AOL Instant Messenger critical update

Kaspersky identifies the downloaded file as an installer for the Zeus bot, which has been used both for spamming and for stealing personal information and was most recently in the news for having made a home within the Amazon cloud.

As always, practicing safe computing will help you. Be wary of ’security alerts’ that ask you to download files, pay attention to those URLs (www.aim.com/download is not the same as www.aim.com.download.botdomain.com), and keep your anti-virus and anti-malware programs up-to-date.