Archive for January, 2007

How to edit any Webpage on the fly using JavaScript

OurPicks has an interesting code snippet on its forums: a simple piece of JavaScript that lets you edit any webpage, static or dynamic, on the fly. The changes exist only in your browser's copy of the page; nothing is sent to the server.

Let us try this:

Step # 1: Go to any website. Let us go to Slashdot.org

Step # 2: Delete everything in the address bar

Step # 3: Paste the following JavaScript code in the address bar

javascript:document.body.contentEditable='true'; document.designMode='on'; void 0

Step # 4: Enjoy

Webpage edit of Slashdot on the fly


Slot Machine suffers from the Blue Screen of Death

The supposedly indestructible slot machines, it turns out, are prone to failure like any other machine. The Inquirer reports this Blue Screen of Death on a slot machine at the International Casino Exhibition in Earl’s Court, London.

The machine was built by Italian motherboard maker Zest, demonstrating its latest “high-reliability” computer designs. It was built on an 800MHz Celeron M processor and the 852/855 chipset with complicated RAS functionality built in. However, the 22 large electrolytic capacitors on the power circuit might be throwing off the viability of its design.

Blue Screen of Death on a slot machine

Analysis of Spam Thru botnet

Mark Sunner, Chief Security Analyst at MessageLabs, was among the many security analysts watching one Trojan called “Spam Thru”, a piece of malware designed to send spam from an infected computer, at the turn of last year. Spam Thru represented an exponential jump in the level of sophistication and complexity of these botnets, harnessing a 70,000-strong peer-to-peer botnet seeded with the Spam Thru Trojan. Spam Thru is also known by the aliases Backdoor.Win32.Agent.uu, Spam-DComServ and Troj_Agent.Bor.

Spam Thru was unique because it had its own antivirus engine, designed to remove any other malicious programs residing on the same infected host so that it could get unlimited access to the machine’s processing power and bandwidth. It also had the potential to be 10 times more productive than most other botnets while evading detection because of its in-built defences.

The thing that worries Mark Sunner the most is that he suspects the major traffic spike towards the end of 2006 was merely a test run for more, if not similarly, sophisticated botnets to follow. Sunner adds:

“With new levels of sophistication this has reached a real milestone. Botnets are getting smaller, more stealthy and more discreet and yet the volumes of spam are going up. Without a hint of scaremongering, will this get a lot worse throughout 2007 in terms of botnet sending? Absolutely, yes.”

The British IT security firm MessageLabs registered a dramatic increase in spam mail traffic from 64.4% to 72.9% late last year, all attributed to Spam Thru.

Increase in Spam Traffic attributed to SpamThru


Nigerian Scammer moves to London, England

The most visible form of fee fraud today is the Nigerian Letter or 419 fraud. A typical letter claims to come from a person needing to transfer large sums of money out of the country or from a lottery company. As the Nigerian letter has become well known to potential targets, the gangs operating the scams have developed other variations.

So apparently, the Nigerian Scammer has shifted base out of Africa and into the Queen’s country, England. Below is a picture of the email.

Nigerian Scammer sample letter

Related Articles:

Read everything you need to know about the Nigerian Email Scam in this in-depth article on Crimes of Persuasion

Spammers now using TinyURL to flood comments

Spamming is the abuse of electronic messaging systems to send unsolicited bulk messages. While the most widely recognized form of spam is email spam, spam in blogs is becoming huge these days, along with search engine spam and mobile phone messaging spam.

Spamming is economically viable because advertisers have no operating costs beyond the management of their mailing lists, and it is difficult to hold senders accountable for their mass mailings. Because the barrier to entry is so low, spammers are numerous, and the volume of unsolicited mail has become very high. The costs, such as lost productivity and fraud, are borne by the public and by Internet service providers, which have been forced to add extra capacity to cope with the deluge.

Blog Spam, or “blam” for short, is spamming on weblogs. This type of spam takes advantage of the open nature of comments in blogging software by placing comments on various blog posts that provide nothing more than a link to the spammer’s commercial web site.

Blogs such as TechCrunch have caught over 1 million spam comments. Most blogs, such as this one and AskStudent, rely on Akismet, as TechCrunch does, for protection from such Blog Spam.

Today, I saw a new method of Blog Spam by these spammers. They are using TinyURL, a very popular web service which provides short aliases for long URLs. In spite of its benefits, TinyURL has had to face the criticism that its aliases are opaque, hiding the ultimate destination from a web user. This opaqueness is now being leveraged by spammers, who can use such links in spam and thus bypass URL blacklists.

Example showing the use of TinyURL in blog spam

UPDATE:

TinyURL has blocked the above site, stating that it abused their policy. How does one deal with such spam? Post in the comments area.

TinyURL blocks spam link
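
One way to handle the shortener problem described above, as an added example (not code from this blog, TinyURL or Akismet): expand each short link to its final destination before applying the blacklist, and hold the comment for moderation when the destination cannot be determined. The host lists, the `resolve` callback and the redirect table are constructed for illustration; in production `resolve` would make an HTTP request that does not follow redirects and return the `Location` header.

```python
import re
from urllib.parse import urlsplit

# Assumed lists for this example; a real filter would load maintained ones.
SHORTENER_HOSTS = {"tinyurl.com"}
BLACKLISTED_HOSTS = {"spam-pills.example"}  # constructed entry
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def host_in(url, hosts):
    """True if the URL's host, or any parent domain of it, is in hosts."""
    parts = (urlsplit(url).hostname or "").lower().split(".")
    return any(".".join(parts[i:]) in hosts for i in range(len(parts)))

def expand(url, resolve, max_hops=5):
    """Follow shortener redirects using resolve(url) -> next URL or None.
    Returns the final URL, or None for a dead alias, a loop or too many hops."""
    seen = set()
    while host_in(url, SHORTENER_HOSTS):
        if url in seen or len(seen) >= max_hops:
            return None
        seen.add(url)
        url = resolve(url)
        if url is None:
            return None
    return url

def classify_comment(text, resolve):
    """Return 'spam', 'hold' (send to moderation) or 'ok'."""
    verdict = "ok"
    for raw in URL_RE.findall(text):
        final = expand(raw.rstrip(".,;)"), resolve)
        if final is None:
            verdict = "hold"  # destination unknown: never auto-approve
        elif host_in(final, BLACKLISTED_HOSTS):
            return "spam"     # blacklist is applied to the real destination
    return verdict

# Constructed redirect table standing in for live lookups.
SAMPLE_REDIRECTS = {
    "http://tinyurl.com/abc123": "http://www.spam-pills.example/buy",
    "http://tinyurl.com/loop1": "http://tinyurl.com/loop2",
    "http://tinyurl.com/loop2": "http://tinyurl.com/loop1",
    "http://tinyurl.com/docs42": "http://example.org/manual.html",
}

if __name__ == "__main__":
    for c in ("Great post! http://tinyurl.com/abc123",
              "See http://tinyurl.com/loop1.",
              "Manual: http://tinyurl.com/docs42"):
        print(classify_comment(c, SAMPLE_REDIRECTS.get), "<-", c)
```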

Related Articles:

1. How to hide your email address from spammers, a thorough guide

2. How a PayPal phishing email looks like and how to detect it

3. Top phishing targets are Ebay and PayPal followed by Banks

4. References: Wikipedia article on spammer
