Email

FTP Cracking to Perpetuate Malware via Spam

Posted Wed, 08/27/2008 - 2:45pm by rernst

This article on spamhaus details how spammers are using cracked FTP accounts to spread malware in spam. FTP cracking is hardly new, but the article gives some excellent reasons to switch away from plain FTP.

It also illustrates an interesting -- and slightly scary -- convergence of technology to further spammers' aims.

Posted Mon, 07/28/2008 - 2:50pm by rernst

Sure, you could set up your mail server to enforce a security policy where any message with more than a certain number of 'Received' headers. But when that 'certain number' is '2', could you receive any mail at all?

(Yes, I actually saw this today: I sent off a quick email to postmaster@ but I'm not sure if it ever arrived or not :S)

Update 24 hours later: I haven't received a bounce, so maybe it did arrive. Hard to say.

Posted Tue, 07/15/2008 - 1:40pm by rernst

Google and Yahoo are using domainkeys to verify paypal and ebay email. This is a good thing, but it's really late. Still, since paypal and ebay are amongst the most phished services, this has the potential to do a lot of good. Now, if only banks would start using it.