Category Archives: spam

Steam Limits Accounts in Effort to Fight Spam



Steam logoSteam has come up with a unique way to fight against spam. Steam users need to spend at least $5.00 USD in order to have full access to all of Steam’s features. The purpose is to limit what spammers and “malicious users” can do. The reasoning behind this decision is explained by Steam as:

We’ve chosen to limit access to these features as a means of protecting our customers from those who abuse Steam for purposes such as spamming and phishing.

Malicious users often operate in the community on accounts which have not spent any money, reducing the individual risk of performing the actions they do. One of the best pieces of information we can compare between regular users and malicious users are their spending habits as typically the accounts being used have no investment in their longevity. Due to this being a common scenario we have decided to restrict certain community features until an account has met or exceeded $5.00 USD in Steam.

It’s easy for “regular users” to avoid ending up with a limited account. You can add $5.00 USD to your Steam Wallet. You can buy a game(s) that are equal to $5.00 USD or more from the Steam store. Or, you can purchase a Steam gift that is equal to $5.00 USD from the Steam store and give it to a friend who also uses Steam. To me, it seems that $5.00 USD is a low enough amount so as not to be cost prohibitive for people who are using Steam in the way it was intended.

Those who have a limited account will be prevented from accessing several features. Some of those features include: sending friend invites, opening group chat, participating in the Steam Market, and posting frequently in the Steam Discussions. Those who have a limited account will not be able to vote on Greenlight, Steam Reviews, and Workshop items.


YouTube Acknowledges Spammy Comments



YouTube logoHave you noticed an increase in the amount of spammy comments on your YouTube page in the past few weeks? You aren’t alone. YouTube has acknowledged on its Creator Blog that they have received a lot of feedback from creators about the increase in comment spam.

The increase in spammy comments began after YouTube decided to make new YouTube comments powered by Google +. The idea was that this would allow the content creators on YouTube to more easily see the comments from the people that mattered to them (like their friends, for example). Instead, something unexpected happened. The YouTube Creators Blog notes:

While the new system dealt with many spam issues that had plagued YouTube comments in the past, it also introduced new opportunities for abuse and shortly after the launch, we saw some users taking advantage of them.

To combat this problem with spam comments, YouTube is going to do some updates. The updates will include better recognition of bad links and impersonation attempts, improved ASCII art detection, and a change to how long comments are displayed. They are working on improving comment ranking and moderation of old-style comments. YouTube is also going to release tools that will allow creators to do bulk moderation soon.


Twitter banning Bit.ly, other URL Shortners on Direct Messages (DM)



Twitter logoToday I was trying to send a direct message to a friend. Included was a bit.ly link to a page I needed him to see. For some reason, Twitter kept saying there was an error and cannot send the DM. After checking his page to make sure he was still following me and sending a couple test DMs successfully, I realized the problem was the bit.ly link.

I did a search and found that indeed – Twitter was blocking DMs with bit.ly links. They found many different links could not be sent via DMs. CBS.com was one of those who were blocked by Twitter DMs.

Of course, this is because of Twitter allowing n0n-followers to DM people. You have to opt-in to the option, but with this you can get messages from many different people.

The Twitter error Message Needs to Be Fixed

So direct messaging with a link could come back saying the person might not be following you. That could be totally confusing – especially if you know they are. I almost chalked it up as a twitter database error but decided to check and see if there was any changes.

The only advantage of allowing non-followers to DM is if your Twitter account is a corporate one or you have over 10,000 followers and don’t want to follow them all back.

The Problem with Blocking Bit.ly – the Mask-Around

Spammers are smart and/or intuitive. Instead of using bit.ly, they’ll use another system that gets around the twitter issue. Twitter might then block that, but in the meantime, you don’t see a bit.ly link – you see a My.website link. Give a spammer/hacker 2-3 days with an $8 /year website domain and they could make enough to buy another $8 domain and start the process over again.

Of course this is a very common problem with url shorteners. Tiny URL added spam block and virus protect tools shortly after they started. Bit.ly also has some preventative measures (using companies like Sophos, Verisign, Websense and more). Still, they are not responsible for 3rd party content using their links.

Bottom Line – Don’t click on unknown links

Usually bad links start with “Hey, is this you” or “I got a way you can make money” which really translates to “I got a way for ME to make money using you”. If you choose to opt-in to letting anyone DM you, keep in mind you will get spam in your message box. If you don’t feel confident you can sniff out the good from bad, then simply don’t check the box.


Text Spam DrivingYou Crazy?



Being a new owner of a smart phone, I had never heard of text spam.  After all, my phone number is on the federal and my state’s no-call lists, so why would I ever think I’d get spam in the form of SMS/text messages?

Well, I do get them, at least one a day.  After a couple weeks of this, I started to get aggravated.  I knew I didn’t want to just text “stop” in return.  That’s like trying to unsubscribe to email spam; all it does is bring on more spam.

Well, it turns out I can have my carrier (who happens to be ATT) do some of the work for me in cutting down on SMS/Text spam.  I can forward my spammy texts to 7726 (that spells SPAM).  When I do so, I usually get a text back from ATT asking me for the phone number from which the spam came. I text that number back, then get a thank you text from my carrier.

What happens after that is not completely clear, but I think the more people use this service, the more likely it will be that wireless carriers will be able to take action against spammers.  Time will tell if I’ll get less spam via text message, but I’m hopeful.


Time for Yahoo to Close Groups?



It’s another Monday and seems to be another day of inbox Spam. However, I’ve noticed recently how more and more spam groups are being created on Yahoo! and joining me. They basically say the same thing:

I’ve added you to my akljsdfklj group. a free Yahoo! Group to send and receive group messages.

Description: asdflkhasdf

To gain access, click the link…

This is another reason that Yahoo! just doesn’t care about their product. I use Google Groups all the time and don’t get any spam messages like this. Yet, every week I am removing stupid posts like in the image.

Where is the confirmation? I really have to click on a link and tell them this group is spam? Why not have some protocols in place to avoid me getting annoyed like this?

Here are some ideas that anyone running a group website could implement:

1. Multiple fields on form

Make them fill out more information than your name and small description. Make them enter in some contact information. Require a description field to be 20 words or more (not just characters). Have an algorithm determine if the description is jibberish or actually says something.

2. CAPTCHA

It’s annoying, but in a way, it’s meant to be annoying. That way, you know someone is human. Yahoo! does have some CAPTCHA algorithms that they could use in this group. It also kills the bots attempts to register groups.

3. Confirmation

Email confirmation means they have to register an email address first. That might also stop some bots from creating groups.

These are not revolutionary ideas. They have been used before and can be used again. The more we can stop spammers and bots, the less phishing scams and malware can be created. When that happens, people and companies save millions of dollars.

So Yahoo! – If you’re just going to let it continue, then why not shut down YahooGroups and get out of the business. It’s what you’re doing anyway…


Malware Myths



GData has found that many people’s preconceptions about malware are wrong and are putting them at risk of malware infection. The vectors for viruses and trojans have significantly changed in the past couple of years and infections now mainly come from websites rather than emails and USB sticks. The growth of malware in the past five years has been phenomenal and since 2005, over 2 million malware threats have been identified.

GData surveyed nearly 16,000 web users in 11 countries regarding their views on internet threats. People are generally more knowledgeable now, with only 4% admitting to having no antivirus software on their computer, although 5% didn’t know. 48% of those questioned have free AV software and 41% have paid software. The survey is not entirely clear if it was Windows PCs only or any computer, including OS X and Linux.

GData identified 11 malware myths that can lead to a higher risk of infection. Here they are.

Myth 1: When my PC is infected, I will notice in one way or another (93%)
No, modern malware writers are smart and code their viruses and trojans to make sure that they work stealthily and unnoticed in the background.

Myth 2: Free AV software offers the same elements of security as paid for packages (83%)
Anyone who has bothered to compare the feature sets of free v. paid versions of security software from nearly any company will know that this isn’t true. Usually the free ones are missing features such as firewalls or anti-spam filters.

Myth 3: Most malware is spread through e-mail (54%)
As mail spam and antivirus filters have got better, malware in attachments has become rarer as it has become less effective. Consequently most spam / malware emails now only come with links to infected websites rather than payloads.

Myth 4: You can’t get infected just by loading an infected website (48%)
Sadly not true. Websites loaded with malware that take advantage of vulnerabilities in the browser and operating system can infect a PC even when the user is “just looking”.

Myth 5: Most malware is spread through downloads at peer2peer and torrent sites (48%)
Undoubtedly some malware is passed on via peer-to-peer but today websites are the prime source of infection.

Myth 6: It is more likely to encounter malware at a porn site that at a horseback riding site (37%)
Much as we might like this myth to be true, serious adult sites are professional and run to a high standard. The web site is key to their business and they make sure the sites are secured and up-to-date with patches. On the other hand, hobby websites are run by enthusiasts who are rarely IT experts and these websites are easily compromised by criminals who then upload malicious code to the site which subsequently infects visitors.

Myth 7: My firewall can protect my PC from drive-by-download attacks (26%)
Sadly, not true. Firewalls are a useful security component but because much malware is web-based and web traffic is generally allowed (because you couldn’t access websites if you didn’t), firewalls provide only limited protection against them.

Myth 8: I don’t visit risky sites, so I am safe from drive-by-downloads (13%)
This is much the same as Myth 6, but the point to take is that your trust in the website brand does not have a direct correlation to the likelihood of being infected. In the recent past, a couple of high-profile trusted sites have become vectors for malware without the owner’s knowledge.

Myth 9: If you don’t open an infected file, you can’t get infected (22%)
The emphasis in this myth is on the “you”. In a perfect world this might be true, but modern PCs and operating systems are so complex and do so much in the background that it’s possible for a malicious file to infect a PC regardless of what the user actually does.

Myth 10: Most malware is spread through USB sticks (13%)
In the past a large proportion of viruses and trojans would have been passed on using USB memory sticks and while they can still be a vector (Conficker!), now more malware is spread by websites.

Myth 11: Cyber criminals aren’t interested in the PC’s of consumers (8%)
As most people recognised, consumer PCs are definitely of interest to consumers, either to form part of a botnet or else to monitor for passwords for on-line services.

There is a natural assumption amongst Internet users that pornography sites are more dangerous than other leisure sites. This is a myth. Amateur hobby/leisure sites are often not professionally run like many pornography sites, making them much easier prey for hackers,” says Eddy Willems, G Data Security Evangelist. “In the past, malware was written by developers who wanted to show off their technical skills, meaning it was visible to infected users. Now cyber criminals design, sell and make use of malware that enables them to take control of PCs’ computing powers in such a way that users do not notice the infection. This covert approach not only puts users’ data at risk, but also allows cyber criminals to send spam e-mails and malware, and participate in DDoS attacks. Internet users must correct their misconceptions in order to stay safe online.

You can download the full report (.pdf) if you want more information on the survey itself and the myths.

So stay sharp out there. The bad guys are out to get you.


Phantom AOL eMail



I’m still getting mail from dead people.  An AOL account belonging to a friend of mine who passed away almost three years ago has been hijacked and sends me at least one spammy email a day.  I tried to block her emails using my spam blocker, but some still get through.  She had three or four AOL email addresses, and all of them send me spam email.

Now I’m getting spam email from a mechanic I used a few years ago.  The same type of spam email, and I’ve tried to call him, but he appears to be out of business.

But good old AOL, they aren’t out of business, and they never delete email addresses in their system, so I’m destined to get multiple emails a day from these defunct accounts.  And seriously, mail from the dead is just creepy!  AOL doesn’t seem to be responsive to requests to shut down these accounts (I’ve tried that) and they don’t even want to talk to you unless you have an AOL ID to sign on with.  There is no way I want to sign up for an AOL account just so I can complain about another AOL account.

Short of turning on blocking, spam filtering, etc., what is the solution?  How many of millions of AOL (or Yahoo, or Hotmail) email addresses are really defunct, but still sending out spam email because they’ve been hacked?  And why does it seem so hard for these emails to get turned off or deleted?  I sure wish I knew the answer.