KnujOn (nûj-ôn)

Discuss Knujon at CastleCops Become a Premium Member
Tech Security Feeds:
cnn| fox| msnbc| zdnet| bbc| gcn| reuters| theregister|
KnujOn Press| techworld| computerworld| securityblog.itproportal| castlecops| apwg| wp securityfix| spamhaus|
first| mcafee avert labs| bankinfosecurity| dhs| cnet| contrarisk| ddanchev.blogspot| ben edelman| jonathan zdziarski|
Knujon Archives: 2007| 2006| 2005|

News - 2006 Archive

Archived 2006 News, for current news click here Joe-Jobed

December 29, 2006

We've received hundreds of submissions referencing and they are in fact being Joe-Jobbed.

Spammers using Evite to send junk

December 28, 2006

We're not surprised by this, just surprised it took so long to see one. is free service that allows users to send electronic invitations to parties. The service allows people to send mass emails that link to pages on, we always knew it was only a matter of time before the scammers started using it. The one bellow links to an Evite page that has a typical junk mail message.


27h Bao Feng Mansion, 299 Jingjiang Road, Shanghai China. Dear Sir/Madam, We are co-operation who deal on raw materials and export into america/europe. We are searching for representatives who can help us establish a medium of getting to our custumers in America and Europe as well as making payments through you to us.I will also like to note here that acting as my payment agent in your country in other words,you will be collecting payment from customers i suply goods to. By doing this on my behalf you will be paid 10% of very amount that you collect. Please if you are interested in transacting business with us we will be very glad,please contact us for more information. Subject to your satisfaction you will be given the opportunity to negotiate your mode of which we will pay for your services as our representative in America/Europe. Please if you are interested kindly reply back to us as soon as possible,with the email below. Thank you, Mr Kim Young.(C.E.O ) Feihua organisation.China is a completely legitimate service that is not involved in spam. Does this mean that will now be blocked? Yet another reason why content blocking will not solve the problem.

MySpace team battles spammers

December 27, 2006

A haven for scam artists, users are vulnerable to a plethora of cyber crimes including identity theft - scams are on the rise - Thieves lure victims with explicit photos in profiles - Site created team that monitors unwanted posters (

Windows Vista security flaw discovered

December 26, 2006

NEW YORK (AP) -- Windows Vista, the new computer operating system that Microsoft Corp. is touting as its most secure ever, contains a programming flaw that might let hackers gain full control of vulnerable computers. (

Stock scammer gets coal for the holidays

December 23, 2006

The U.S. Securities and Exchange Commission put a suspected Russian brokerage-account thief's money on ice this week, after he allegedly used illicit access to people's online portfolios to drive up stock prices. (

ORDB bids a long goodbye

December 22, 2006

The Open Relay DataBase, the spam fighting organisation that lists open relays historically exploited by spammers to send junk mail, is to close down at the end of the year, five and a half years after it was first established. (

Addressing Clients With Report Issues

December 21, 2006

We're working very hard this week to identify the client accounts that have report issues. We have already resolved a number of them. Many new members will receive the first report today or tomorrow. We have notified users who have outdated Thunderbird or Okopipi plugins and there is an additional issue that we are currently working on that seems to be affecting a minority of users. Thanks for your patience.

Client Testimonial

December 20, 2006

“In October of 2005 I was receiving, on average, 100-130 junk emails per day. I thought the only thing I could do was delete them and hope I stopped receiving them. Then I joined KnujOn. Instead of simply deleting my junk email, I forward them to KnujOn. Within a month, I noticed a decline in the number and variety of junk email I received. Now, more than a year later, the amount of junk email I receive has been reduced by about 70%. Clearly, KnujOn is performing as promised. With more than 10,000 websites shut down and counting, KnujOn is leading the fight against internet spam and junk mail whose intent may be malicious, and I am glad to be one of the members of KnujOn fighting back.”


Mining Your Christmas Garbage

December 18, 2006

Anyone concerned with privacy issues and identity theft knows about the concept of "Dumpster Diving" or going through corporate and personal garbage to find crucial data. News articles regularly appear detailing data found on un-erased disks and documents discarded by companies and government agencies:

US Military Data Cassette Found on Hungarian Garbage Heap (
Oracle-MS flap -- how it happened (

What you throw out after this weekend could tell people quite a bit about you, consider the following:

  • The names and addresses of all your friends and family
    Where: The return address labels on Christmas card envelopes
  • All your credit card numbers
    Where: On the gift receipts you throw away
  • What new luxury items are in your house(DVD, iPod, flatscreen...)
    Where: The empty boxes on the curb
Discard carefully!

The Fight Against

December 15, 2006

As many have noticed there is has been a spike in junk mail from Some you have also noted that this site does not remain shutdown for very long. We have made a special case out of this and will update everyone as time permits. For reference they in China, hosted by in China). The entire site is in Chinese but we have translated the spam policy. It is a very rough, very literal translation, we don't claim to speak Chinese(not yet anyway):

(1) strictly prohibits the our company user transmission junk mail, not the good information and so on violating the national related stipulation content the email.
(2) regarding transmits this kind of mail the user, the our company is authorized to in does not inform the user in the situation to suspend the correlation service.
(3) suspension service user like wants reto clear the service, must transmit the written guarantee to the our company, verifies uses judgement through after to clear.
(4) regarding continuously two time transmits this kind of mail the user, our company permanent closure its mailbox account number. Circumstance specially serious, will propose the related law enforcement to process.

To post a policy is one thing, to follow through is another. We are going to test them to see if they stick to their policies. It is worth noting that even though the policy is posted they have no method for filing a report. This is often is a sign of a registrar/host who is not in full compliance.

New York Times Article Confirms KnujOn Thesis

December 12, 2006

A New York Times article by Brad Stone on the state of spam (Spam Doubles, Finding New Ways to Deliver Itself) confirms everything KnujOn has been saying for 3 years. In articles, presentations, whitepapers, editorials, lectures and regular news updates at this site KnujOn has repeatedly put forth the argument that content blocking and filtering alone will not solve the problem. We have 8 main arguments against relying on spam filtering. See how quotes from this article match up to those points:

"...according to Ironport, a spam filtering firm, and unsolicited junk mail now accounts for more than 9 of every 10 e-mail messages sent over the Internet."

"Image spam increased fourfold from last year and now represents 25 to 45 percent of all junk e-mail, depending on the day, Ironport says."

"Antispam firms spotted the skyrocketing amount of image spam this summer."
KnujOn Argument 1: Does not actually reduce the flow of junk mail

"Now employees are stopping us in the halls to ask us if we turned off our spam filter..."

"...the team received 5,000 e-mail messages and the Barracuda spam appliance blocked all but 300. Still, some employees continue to see two or three pieces of spam in their in-boxes each day."
KnujOn Argument 2: Junk mail still gets through

"...the Mariners’ network manager, said he tried to tighten spam controls and inadvertently began blocking the regular incoming press notes from opposing teams."
KnujOn Argument 3: Good mail gets blocked

"...last month a sudden Internet-wide increase in spam clogged his firm’s servers so badly that the delivery of regular e-mail to customers was delayed by hours."

KnujOn Argument 4: Legitimate Marketing and Corporate Communication Treated as Spam

"...researchers at Purdue University and Oxford University this summer found that spam stock cons work. Enough recipients buy the stock that spammers can make a 5 percent to 6 percent return in two days, the study concluded."

KnujOn Argument 5: Filtering does not stop the crimes behind the email

"...the Mariners’ network manager, said he tried to tighten spam controls and inadvertently began blocking the regular incoming press notes from opposing teams."
KnujOn Argument 6: Anti-Spam Companies as Censors

"To relieve the pressure, the company took the drastic step of blocking all messages from several countries in Europe, Latin America and Africa, where much of the spam was originating."
KnujOn Argument 7: Reduces the Value of Email as a Communication Tool

"...spammers are making money..."

"...most active spammers now operate beyond the reach of American law enforcement. Antispam researchers say the current spam hot spots are in Russia, Eastern Europe and Asia."
KnujOn Argument 8: Creates an Underground Network for Scam Artists

Mr. Stone's article is interesting for many reasons but one is glaring, that the overall message seems to be that filtering and blocking has failed yet all the "new" ideas out there are recycled versions of the same old ones. However, it is important to note that the programmers of filtering software have come up with some amazing algorithms and code but they are looking through the wrong end of the microscope. We at KnujOn are not just throwing out casual criticism, KnujOn actually has a plan to fight the problem.

Counterfeit Goods and Unauthorized Seal Use

December 11, 2006

A major key to setting counterfeit goods is deception. The potential customer has to be tricked into thinking that the offered product is(or is as good as) the genuine article. In this pursuit junk emails will use names and images of name-brand products to sell "replica" or imitation. This, in and of itself, is bad enough. The junk mailer below went a step further and used a forged ScanAlert HackerSafe seal in emails and their websites. ScanAlert is a service that verifies sites for their security level and then provides a seal so customers know the site is safe for e-commerce. This attempt to use the seal without permission continues to undermine consumer trust. Compare the junk mail on the left with a real ScanAlert approved site on the right:

KnujOn contacted ScanAlert immediately and the sites advertised in the junk mail have been taken down(, and the fake seals seem to have been removed from their other sites(, - certainly there are more. We are continuing to monitor the emails that come in to ensure compliance.

With the holidays sitting on top of us the bogus-goods junk emails are coming fast and furious. There are hundreds of reasons not to buy counterfeit goods: from watches that cloud over in a week, to batteries that explode, to handbags made by child labor. You can read about the dark side of fakes here.

Concerns Over "Image Only" Junk

December 10, 2006

Recently some of you may have noticed an increase in image-only(no html, url links or text) drug junk. We see this as progress and a reaction to efforts by services like KnujOn. There are those who see this as a threat, but don't worry, it's a minor issue and KnujOn already has a pre-process for this type that is applied before putting it through the core engine. Most of the sites advertised have pending actions against them.

More information
About Perscription Drug Junk

Who else is talking about Knujon?

December 9, 2006

" I personally think a combination of...and knujon type services that chase the advertised service are the closest to an answer that we will get." (

Your iPod may have a surveillance risk

December 8, 2006

If you enhance your workout with the new Nike+ iPod Sport Kit, you may be making yourself a surveillance target. (

Also see

Who else is talking about Knujon?

December 7, 2006

"Could this be a new Bluefrog?" (

Hackers hit Naval War College computer network

December 6, 2006

PROVIDENCE, Rhode Island (AP) -- Hackers attacked the computer network at the Naval War College in Newport, taking down the school's network for more than two weeks, including some e-mail services and the college's Web site. (

AT&T Credit Cards Spoofed and Phished by...Citibank?

December 5, 2006

A completely legitimate email advertisement from AT&T Credit Cards contains completely stupid content which makes it appear to be a phishing email. It was reported to us by a suspicious and cautious KnujOn member, problem is it's real.

The "fully disclosed" URLs appear to link to but really link to Consumers are having a hard enough time trying to decide what is real and what isn't on the Internet without being fooled by their own credit cards. This email behaves the same way a phishing email would. Does the average customer know that AT&T and Citibank are partners? Not likely. What is worse is that this email is billed as a "security alert" just as phishing emails often are. Technically, this email meets the criteria to be stopped by filtering software.

KnujOn Passes 10,000

December 4, 2006

This weekend we clocked our ten thousandth site shutdown(and then eleven thousand this morning). It is a big milestone for KnujOn just as the first 100 and first 1000 were. However, you should all give yourselves a big pat on the back as well since it only happened because you all submitted junk mail. Thanks for your support!!!

'WhiteHat Team' leader charged with hacking government computers

December 3, 2006

LOS ANGELES, California (AP) -- A Romanian man has been indicted on charges of hacking into more than 150 U.S. government computers, causing disruptions that cost NASA, the Energy Department and the Navy nearly $1.5 million. (

Three New-ish Items That May Be Helping Spammers and Confusing Email Users

December 2, 2006

Three items that everyone should know about for their own protection when it comes to junk email. Spammers use all kind of methods to obfuscate the true location of links within emails and we have seen evidence of these recently:

  • URL Shortening Services
    There are several services out there that mask URLs by replacing them with a database entry at a second site that redirects the link. Example, say you have a URL like this: "" the URL shortening service will provide a database driven re-direct link like this: We have seen no evidence yet that these services are intentionally helping spammers, but the spammers are certainly using them.
  • Here comes the .MOB
    New top level domain extensions(TLD) are being made available like .MOB for "mobile" and .PDA for "personal digital device". The addition of these may confuse email users and mask spam urls.
  • Non-Western Characters in URLs
    There is a big push to allow other alphabets into web protocols, for example Cyrillic(Правда). Maybe even Arabic (العربية). Thai? (กขฃค). Other character sets are already popping up like European words with accent marks. Example: "àmà" vs. "". Subtle changes may cause confusion for users.

    More information:
    Standards in Multilingual Information Retrieval (MIR) (
    Changes to IDN in IE7 to now allow mixing of scripts (
    Serious security issue -- phishing vulnerability (
    Internationalized Resource Identifiers (IRIs) (
None of the above items are inherently bad, they are just part of the progression of the Internet as a communication tool. However, the pace of the technology will always be faster than the consumer's ability to maintain awareness of threats. It is impossible to predict every way someone may abuse technology, the best bet is be aware of the changes out there.

U.S. warns financial firms of terror threat to websites

December 1, 2006

WASHINGTON (CNN) -- A Department of Homeland Security advisory cautioning that al Qaeda may be planning cyber attacks on banking and financial institution Web sites was issued out of an abundance of caution, although there is no corroboration, a DHS spokesman told CNN Thursday. (

Reporter says 'sorry' for royal phone-tap scandal

November 30, 2006

A TABLOID journalist made a public apology to members of the Royal Family yesterday for plotting to hack into personal phone calls. (

Jihadists Attack Vatican Web Site

November 29, 2006

"The leadership of the electronic Jihad has decided to undertake a grand attack against the official Vatican site following the insults by the Pope against our Prophet," the statement read in Arabic, referring to remarks the Pope made in a September 12 speech. (

Vacation Pictures from a Friend(NOT!)

November 28, 2006

Trying to piggyback on popular services like SnapFish, this spammer is using fake vacation photo forwarding to push software:

Judy has sent you a photo from Vacation!

Click here to view the photo Judy has sent from vacation:

Click here to share your photos with a friend:


At Vacation Photos Online we care about your privacy. We have sent you this 
notification to facilitate your use as a member of our service. If 
you don't want to receive emails like this to your email account 
in the future, please click below:*Judy

Vacation Photos Online Inc. - 4598 River Glen Dr, Las Vegas, NV 89103 USA

©2006 VP Online Inc., All Rights Reserved.

across a network, to control access to printers, and to do printer
tarball, is going to be something like:
following line to the password file (using the vipw command):
		      UARTs, the word in the holding
will no longer be equal to the total, so a simple comparison will
Note that psof does not charge for header pages.
/mask-bits Here is an example: this command prints a nicely formatted version of returns a result code. I have heard this sequence can result in a "type 1 removable SCSI 2" "density code 0x19" time required to backup to data directly to tape exceeds the amount of sequential memory locations, that action will refresh all of \ reputedly are quite expensive. filter program. printer uses a different character or sequence of characters to eject and if it finds a match, connects the serial line to an available SLIP Last login: Mon May 1 21:16:55 from grumble # (/etc/ppp/options or ~/.ppprc if you have more then one user on :if=/usr/local/libexec/psif:\ `secure' and `eBones' collection lines to grab the DES code. If you If you have used more (i.e., a number other than `1' in the pseudo- blo 750-N line printer connected to the network. The printer accepts it is not found. system environment (and its installation) rather than just a kernel or ^^^^^^^^^^^^^^^ types `make' in your port's directory, and you may find that having Same as NS16550A with subtle flaws corrected. This is revision options ``CD9660'' # typesetting system) named fish-report.dvi to the printer named bamboo: Tons of them: base delta.
The links lead to a software download site run by the Alex Rodrigez/Paul Gregoire group. Is it pirated software, you ask? Well if the going rate for MicroSoft office 2003 Professional is $499 and they are selling it for $69.95, well you be the judge.

'9 out of 10 e-mails now spam'

November 27, 2006

LONDON, England (Reuters) -- Criminal gangs using hijacked computers are behind a surge in unwanted e-mails peddling sex, drugs and stock tips. (

Who else is talking about Knujon?

November 22, 2006

Anti-Spam Update - Knuj0n and Boxbe (

Who else is talking about Knujon?

November 21, 2006

Anti-Spam Strategies That Work (

Wikipedia Blocked, then un-blocked, then re-blocked in China

November 20, 2006

BEIJING, China (AP) -- The easing of a ban on the popular online encyclopedia in China was short-lived. Barely a week after Wikipedia viewers were able to access the Web site -- after a year-long ban -- they reported Friday that it was blocked again in several parts of China. (

Who else is talking about Knujon?

November 19, 2006

"It still seems a bit mysterious and as though they are starting up slowly but surely..." (

Stock Spam in ASCII Art

November 17, 2006

Very clever, random numbers, bypasses filters! Forwarded to SEC, not sure if they will even know what it is...

What is ASCII?(
What is ASCII Art?(
Stock Junk information

Who else is talking about Knujon?

November 16, 2006

"There are other links on the KnujOn website, leading to heaps of information, all of which contain (to me, at least) very convincing arguments in favour of reporting spam, not just deleting it. " (

Government study: Internet 1 percent porn

November 15, 2006

PHILADELPHIA, Pennsylvania (AP) -- About 1 percent of Web sites indexed by Google and Microsoft are sexually explicit, according to a U.S. government-commissioned study. (

Knujon note: The headline is somewhat misleading.

Beware of Internet Vacation Packages

November 14, 2006

The Internet is full of fantastic deals for airfare, hotels, car rentals and even whole vacations. This has opened the door to fraud and deception. The success of LowestFare, Priceline, Hotwire, Expedia, and Orbitz has generated many other travel services that may or may not be legitimate. There are a few simple rules for picking one of these Internet deals:

  • Don't buy travel services from spam or fax junk advertisers
  • Read refund/return/cancellation policies carefully. If they don't have one published, don't buy from them!
  • If it's too good to be true, it probably is. Internet travel sites can sell at low prices because they buy bulk fares in advance knowing that airlines/hotels can't sell everything on their own and they make money on the margins. It's somewhat of a gamble but everyone wins: you get cheap tickets, the service gets fee profit and the airlines/hotels fill quotas. The "other" travel services are a little different. They often offer absurdly low prices before securing any services and hide fees on the back end you will be responsible for.
  • When in doubt, check them out. If they are a legitimate company, there will be reviews and documentation. Check with and the Better Business Bureau to see if they are legit and/or have any unresolved customer complaints(every company has complaints, the question is do they fix them? and what are the kind and how many complaints?). If there is no history at all, they may be fake.

What are some things that have happened to folks who use less-than-reputable travel services?
  • Customers pay for a trip and don't get anything. When they try and get a refund of some kind of service, the company has disappeared.
  • The company sends tickets or vouchers but the airline/hotel does not honor them.
  • Customers are charged extra(and often large) fees when presenting vouchers.
  • One fare is promised but a different one is charged.
  • The company agrees to a schedule but the dates are then changed by the company.
  • Customers are promised a specific airline/hotel but different services appear on the voucher(s).

Let's take a look at 2 services someone told us they had trouble with: CHEAPTICKETSCANCUN.COM and TRAVELCOMM.COM. Everything seemed fine at first until they discovered some fees that were not documented previously. They called CHEAPTICKETSCANCUN.COM to resolve the matter and claimed that they were put on hold indefinitely, spoken to rudely, hung up on, etc. They haven't actually taken the trip yet but they are worried. This could have all been avoided by looking at the history of these companies before making a purchase.

In the example of CHEAPTICKETSCANCUN.COM there is no physical address of the company listed on their website, just a phone number. Compare this to who list their mailing address clearly in the site's legal info. So then where is CHEAPTICKETSCANCUN.COM registered you may ask? They are registered in Arizona through a anonymous proxy service, but the company is not in Arizona. The company is registered in Florida, but not under the name CHEAPTICKETSCANCUN.COM. The real company name is: Mexico Vacations, TC Lakehurst Orlando, FL 32802. In checking review sites it is easy to find that has a review of them and it's not pretty.

On to TRAVELCOMM.COM. A review of a BBB report shows that TRAVELCOMM.COM has had over 300 complaints in the last 36 months, about 10 complaints per month. Of these complaints 92 are unresolved at this time. This means you have a 30% chance of being ignored if you have a problem with them. In addition TRAVELCOMM.COM has been issued citations(and not the good kind!) by the FCC and FTC for sending unsolicited advertising. Still haven't made up your mind? Read this review(

Knowing this ahead of time, would you have purchased a vacation through them?

Who else is talking about Knujon?

November 13, 2006

"I am hoping to be able to reroute messages caught by certain content filters directly to Knujon instead of deleting them outright." (

New Upload Interface

November 3, 2006

Junk Upload

Report Link Error

November 2, 2006

There was a link error at the bottom of the report pages last week. This has been corrected.

FBI Seeks Info on Saad Echouafni

November 1, 2006

Saad Echouafni, head of a satellite communications company, is wanted in Los Angeles, California for allegedly hiring computer hackers to launch attacks against his company's competitors. On August 25, 2004, Echouafni was indicted by a federal grand jury in Los Angeles in connection with the first successful investigation of a large-scale distributed denial of service attack (DDOS) used for a commercial purpose in the United States. In a DDOS, a multitude of compromised systems attack a single target causing a sustained denial of service for its customers. The investigation, codenamed Operation Cyberslam, was initiated in 2003 when a large-digital video recorder vendor based in Los Angeles reported a series of crippling denial of service attacks that effectively halted its business for nearly two weeks. That business, as well as others both private and government in the United States, were temporarily disrupted by these attacks which resulted in losses ranging from $200,000 to over $1 million. Full Sheet (

Who else is talking about Knujon?

October 30, 2006

"Channel surf the internet with StumbleUpon! Discover great websites, videos, pictures and more — all according to your interests" (

Filters Seeming to Block Everything, Spam or Not

October 29, 2006

Maybe you have noticed the same trend, an increasing number of legitimate emails are being blocked as spammers find ways around filters and filter companies become more aggressive to compensate. Here are a few things sent to me that have been blocked:

  • A legitimate email that contained the word "Viagra"(spelled correctly!)
  • A real message from my bank
  • A support ticket from the phone company
Contrast this with the 800+ real junk emails that passed filters in one of our test boxes this week.

Below is a statement on and camera company):

IMPORTANT NOTICE: Some Internet Service Providers may block replies, assuming they are unwanted messages. To ensure that you receive a response to your inquiry, we recommend that you add to your address book. This will also allow you to receive valuable information from Canon such as product updates and special information about Canon products, supplies and accessories.

Canon is telling its customers that they cannot guarantee their service messages will get through. To me this is an admission of failure. An admission that aggressive filtering has caused a communication breakdown between business and consumer. If it is the goal of spammers to hobble Internet communication, then they have won. Yet another example of why content blocking does not work.

$6.5m fine for sending spam email

October 28, 2006

PERTH - A Perth-based company has been fined A$5.5 million ($6.5 million) for sending millions of unsolicited emails, with a judge labelling the spam annoying, costly to combat and a threat to the internet. (

A Question of Scale

October 27, 2006

In July a new KnujOn user commented that they were impressed with the 3910 shutdowns but expressed concern that the count would have to be much much higher for a true impact. We know people are wondering where KnujOn is going and what the future goals are. We have plans to address these questions. Up until recently KnujOn was experiment and research. Now we are passing from the experimental stage to true large-scale application.

There is no reason to doubt that KnujOn could pass 100,000 shutdowns in a year. This is a question of scale. In very beginning stages we had 10 mailboxes contributing which lead to 123 site shutdowns in 3 months. This was very exciting because at the time the only comparison we could make was to expensive lawsuits and government investigations that lead to a little over 200 site shutdowns. After 6 months with the 10 mailboxes we passed 1000 shutdowns, which to us was proof of process effectiveness. We expanded to several dozen users and doubled the shutdown count in 6 months. Rapidly increasing participation since spring, 2006 has lead to over 7000 shutdowns and we are confident that we will reach 10,000 in the coming weeks.

We have tried very hard to calculate projections of shutdowns as they relate to increased membership but this has been extremely difficult. Because we have been constantly improving and adding to the process we have been unable to produce a calculated rate of increased success. However, there is a clear correlation between increased participation and increased shutdowns. Because every new user reveals sites, connections and tactics we haven’t seen before. Very often a single email report can lead to a wave of shutdowns.

Because of this plans are in the works to extend the process to as many people as possible and make it as simple as possible.

Thank you for your continued support and participation!


Who else is talking about knujon?

October 26, 2006

TechArena - The Indian Perspective of Technology (

Hackers prey on online stock trades

October 25, 2006

NEW YORK (CNN) -- Hackers have been ringing up big losses at America's top online brokerage houses this year after infiltrating company systems and illegally trading millions of dollars, according to the Securities and Exchange Commission (

Who else is talking about knujon?

October 24, 2006

SpamCop's WebMail (

Spammer kills coffee shop's connection

October 23, 2006

Submitted by a Knujon user

These days, free or low-cost WiFi is almost a given at a coffee shop as are double-tall, half-decaf moccachinos with hazelnut syrup (hold the foam). WiFi is great for attracting customers... and spammers, as The Green Bean in Greensboro, NC found out last week. The coffee shop had its Internet connection shut off after its ISP noticed a gigantic volume of spam originating from its IP address. (

McAfee Says Microsoft is Witholding Vista Security Information

October 22, 2006

McAfee is one of several software security firms concerned that Microsoft will wait too long to give information they need to protect customers using Microsoft's new Windows 64-bit Vista. (

Who else is talking about knujon?

October 21, 2006

"I know for a fact that I have several shutdowns with Knujon..." (

Mac attacks rare but rising

October 20, 2006

NEW YORK (CNN) -- Apple computers have long been prized for being relatively virus-free. But as more people use Apple products, experts say the company is increasingly becoming a target for cyber pranksters and criminals writing viruses and other forms of malware. (

Apple Admits iPod Virus

October 19, 2006

"We recently discovered that a small number - fewer than 1 per cent - of the Video iPods available for purchase after September 12, 2006, left our contract manufacturer carrying the Windows RavMonE.exe virus," reads a statement on Apple's website. There's no "Windows RavMonE.exe virus", but there are a few viruses which create an executable file called "RavMonE.exe". RavMonE.exe is the name of one of the executable files used by the RAV antivirus software. (

No Books at this "Library"

October 18, 2006

One might think that a site called "" would give you access to America's public libraries, university libraries or summarize the Dewey Decimal System. However, it redirects to "" a site selling dubious "medial" products. This is part of the soft deception that erodes confidence in Internet communication.

Who else is talking about knujon?

October 17, 2006

FBI Seeks Info on Jie Dong

October 16, 2006

Jie Dong is wanted for defrauding Internet auction site users out of approximately $800,000. In the fall of 2003, Dong allegedly offered items on the auction site and collected money from the purported winning bidders. Dong is alleged to have never produced the promised merchandise to the nearly 5,000 victims. Dong is believed to have later fled from the United States to China and may now be in Hong Kong. Full Sheet (

How to escape from junk mail hell

October 15, 2006
Submitted by a KnujOn member

Spam is the scourge of the 21st century, but there are steps you can take to reduce the junk you receive, writes Nicole Manktelow. (

Who else is talking about knujon?

October 14, 2006

Is there a way to get back at a spam emails? ( May Lose Domain Name in Court

October 13, 2006

The U.K. based Spamhaus Project(site may be down, if so use google cached page) has been tracking spammers for a lot longer than KnujOn. Their project is quite different, using blacklists and real-time filtering, specifically through ROKSO(Register of Known Spam Operations). The have been sued in a U.S. Court by, an e-mail marketing company that was blacklisted by Spamhaus. Spamhaus has stated that their shutdown would lead to a deluge of junk mail. describes Spamhaus as a "fanatical, vigilante organization". While we don't know all the details yet, the intensity and language is a commentary on how much money is at stake. ICANN has stated that it can't comply with the court's order. We'll be following this closely of course!

Triade Systems Creates Gmail Reporting Script for KnujOn

October 12, 2006

Thanks to Triade Systems there is now a Python based script that will help gmail users report to KnujOn.

Download Script (
Instructions (
What is Python? (
Python (

al-Qaeda Plans Cyber Attack on Vatican Website Tonight

October 11, 2006

hackers allegedly supporting al-Qaeda claim they will launch an attack on the Vatican's official website on Wednesday night... (

Your Wi-Fi Is Vulnerable to Attack

October 10, 2006

As Intel announces chinks in its wireless radio software, researchers show how hackers can take control of even encrypted Wi-Fi laptops (

Hungarians Love KnujOn

October 9, 2006

Who else is talking about KnujOn?

October 8, 2006

Antispam engine enhancements proposals (

Fake Company Exposes Internet Arms Dealers

October 7, 2006

Comedian 2, Internet Arms Dealers 0 (

Thomas' most provocative stunt may have come earlier this year, when he helped a bunch of teenaged schoolgirls set up an online arms dealership. Before long, they were pricing out tanks, negotiating for grenade launchers, and -- in his words -- buying up stun batons and other "equipment intended for torture or ill-treatment." (

Mark Thomas - plays "let's start an arms company" (
Two arrested over internet sale of military weapons (
Fears over policing internet arms (
"Too little is being done to police the Internet as an emporium for selling dangerous weapons in the UK, says a group of MPs. " - UK Commons Quadripartite Committee

Microsoft warns software pirates

October 6, 2006

NEW YORK (Reuters) -- Microsoft Corp's upcoming Windows Vista computer operating system will include technology that is designed to prevent pirated copies from fully functioning, the software giant said. (

KnujOn is willing to wager this will backfire, that the OS will breakdown on legitmate users and the pirates will have no problem removing the protections.

Who Killed Vardan Kushnir?

October 5, 2006

The Sleazy Life and Nasty Death of Russia’s Spam King (

He withheld pay from employees, boasted of his sexual adventures, enraged government officials, and flooded Russia with 25 million emails a day. Then one morning, Vardan Kushnir’s mother found his bloodied body on the bathroom floor, skull bashed in. (

"What's Next" Page at KnujOn

October 4, 2006

Folks often ask where this project is going and what the future plans are, so we are dedicating a page to list future additions to the project and a status of where these items are at the moment. What's Next?

David Cieslak on the State of Spam

October 3, 2006

The Fight Against Spam ( submitted loan applications with fake data

October 2, 2006

6 more lenders closed in probe (

"Don't Borrow Trouble"

Who else is talking about KnujOn?

October 1, 2006

Could this be a new "BlueFrog"? A true solution to spam? (

Congressman Brought Down by Emails, Instant Messages

September 29, 2006

Behind Foley's Swift Fall From Grace (

Mortgage Fraud Gang in Indiana

September 28, 2006

Town's Residents Say They Were Targets of Big Mortgage Fraud (

"Don't Borrow Trouble"

California Moves to Stop Mortgage Scams

September 27, 2006

Governor signs bill to halt reverse mortgage scams (

"Don't Borrow Trouble"

Deny, deny, deny

September 26, 2006

The following is a sample of a typical response from a junk mailer:

You have contacted the wrong person. I have no idea why you have emailed me on this issue. Follow the unsubscribe instructions in the email you were sent. Do not reply...

There is a failure of logic in this response. On the one hand they deny any responsibility and then proceed to instruct us to use the unsubscribe instructions. However, it is a reasonable suggestion to use the unsubscribe instructions except that the "unsubscribe" link lead to a dead site. This is why KnujOn is needed, because of the deception and intimidation that runs unimpeded on the Internet.

Sauron* Casts Evil Spell Through Rx Junk

September 25, 2006

Submitted by a KnujOn user

Spam trail uncovers junk empire (

An investigation into a seemingly routine series of spam messages has revealed how sophisticated the business of online crime has become.

The article details how these messages use passages from The Lord of the Rings to obscure the true nature of the junk mail and fool filters. This is a common tactic that many of you have surely noticed, a jumble of random text in junk email. The text is often pulled literary texts that are available online for free. So you might see Shakespeare, Dickens, even the Bible. Others are from online newspaper articles.

*Who is Sauron?

Really Dumb Spamming and Spoofing

September 24, 2006

Like everyone else out there spammers spoof in their messages, specifically "". For those not familiar with the concept of spoofing, it is possible to alter an email's header information to conceal where it really came from. If a spoofed email is rejected by the mailbox it was sent to for any reason it will usually be routed back to the faked address. This means that there are often lots of rejection messages received by while is not used to send email, it only receives. Where is this discussion going? The point is that all these rejection messages are dumped into the process and the spam sites get shutdown. The spammers are in-effect committing suicide by spoofing the address.

Registration Process Updated

September 23, 2006

The process for joining KnujOn has been simplified. All the options are now available on a single page and clearly defined. Click the "Register" tab above or click here.

Census Bureau loses hundreds of laptops

September 22, 2006

WASHINGTON (AP) -- The Commerce Department has lost 1,137 laptop computers since 2001, most of them assigned to the Census Bureau, officials said Thursday night.

Full Story (

KnujOn FAQ Updated

September 21, 2006

Review our updated faq.

Clever Spam

September 20, 2006

Submitted by a KnujOn user

FBI Seeks Info on Alexei Voziianov

September 19, 2006

Alexei Voziianov is wanted for his alleged involvement in an Internet fraud scheme. In late February and early March of 2005, Voziianov allegedly offered items for sale on a major Internet auction web site. These items included gold coins, household appliances, fishing equipment, and other assorted merchandise. Voziianov used several different user names and instructed his victims to send their money to a number of different addresses in Brooklyn, New York. The checks that the victims sent to Voziianov were cashed, but the merchandise that they paid for was never shipped to them. Over fifty victims have lost more than $100,000 due to this fraud scheme. On March 30, 2005, a federal arrest warrant charging Voziianov with wire fraud was issued in the Southern District of New York. Full Sheet (

A Chronology of Data Breaches Since the ChoicePoint Incident

September 18, 2006

A Chronology of Data Breaches (

Education Department working to fix software glitch after student loan data breach

September 17, 2006

WASHINGTON – The Education Department was working to fix a software glitch in its student loan Web site after users complained that they could see other people's personal data.

Full Story (

ING Security Procedures

September 16, 2006

Submitted by a KnujOn user
If you have an ING account and access it through the Internet, take a moment to familiarize yourself with their security policies and procedures: here.

Ebay's New Spoof Tutorial

September 15, 2006

Spoof Email Tutorial (

Romanian police break up Internet crime rings

September 14, 2006

Associated Press (

Authorities in the southern city of Pitesti have broken up four sophisticated Internet crime rings, police said Saturday.

A total of 62 suspects 23 of whom were arrested are accused of defrauding 120 foreigners of more than euro100,000 (US$128,000), after an extensive investigation which was assisted by the FBI and the U.S. Secret Service, the police statement said.

During 2004-2006, the suspects allegedly imitated the sites of well-known Internet-based companies and obtained the e-mail addresses of their customers. They later contacted the customers and asked them to update their personal information, using the details to create identities and offer nonexistent items for sale.

Morocco jails Zotob worm hackers

September 13, 2006

RABAT, Morocco (Reuters) -- A Moroccan court on Tuesday jailed two men for one and two years for unleashing computer worms that disrupted networks across the United States, court officials and lawyers said.

Full Story (

Don't Borrow Trouble

September 12, 2006

For those interested in Mortgage junk mail, you may want to review Freddie Mac's Don't Borrow Trouble program which is designed to alert people to the danger of fly-by-night refinance companies. People have lost their homes because of these scams.

We've all seen the aggressive marketing campaigns for refinance and home equity loans. They may seem tempting but they may not be the best financing alternative — they could even risk a family's financial health, a home's equity and the stability of a neighborhood. Knowledge is protection — learning about refinancing and the mortgage process puts the power to protect both home and family in the homeowner's hands. (Freddie Mac)

Read more(

The Trouble With Current Anti-Spam Solutions

September 11, 2006

Below is a quote from a typical on-line store website:

Internet Service Providers (ISP) have tightened their definitions of SPAM. As a result, your ISP might categorize an email confirmation from this site as potential spam and filter it into a "Bulk" folder or a predetermined "SPAM" folder you define. If you place an order and do not receive your email confirmation in your Inbox, please check in these areas before contacting customer support.

This is a shame and contradicts claims that filters alone can address the problem.

Stock Fraud is No Joke

September 10, 2006

KnujOn has been pushing the idea for a long time that stock junk is more than an annoyance but a true and serious fraud issue. Now two studies have been released detailing the effects on the market and investor: Read more.

More and more evidence as to why the block and delete approach to spam is a failed policy!

Watch for Visa Fraud

September 9, 2006

Report any fraud emails like this to and More information at Visa's security pages.

Yahoo Has the Best Spam Protection?

September 8, 2006

Yahoo Mail often claims to have the "some of the best spam protection around", they even put the claim in signature areas of emails Yahoo members send. But below are 3 examples of phishing that made it through Yahoo filters today:

All three are from the same group of spammers. The last one is the most interesting because of what was found at the linked site: The site launches a JavaScript page with fake Internet Explorer address and toolbars.

Compare to:

See for yourself: is owned by "Erin Batchelder": and redirects to which is owned by "kang re ho" at

The point here is that even if yahoo blocked 100 other emails, the phishers only need 1 to get through. This is why blocking alone will not work.

Bug in report upload

September 7, 2006

As some KnujOn users noted the "first time" date was the same as the "last time" date on the weekly reports. This was due to a bug in the uploading script. The script has been corrected and the reports re-run.

Junk Fax Expose Coming

September 6, 2006

Check this page for a new look at Junk Faxes

Reclaim Your PC

September 5, 2006

So you've got a virus, spyware or some other kind of mouse-freezing nonsense on your PC. Fifty pop-up windows launch and beeps issue from the system speaker. You have more options than just ctrl-alt-del or pulling the plug. Even when your mouse wont respond they keyboard often still works. Many of the seemingly archaic buttons like alt, ctrl and the function keys are not just for decoration. By using combinations of these keys you can interrupt the PC's operations and halt background processes.

alt+f4 will close the top or current window

alt+tab will allow you cycle through open windows(via a pop-up)

ctrl+esc launches the Start menu

alt+esc cycles through open windows

MS Windows Key+M minimizes all windows

alt+f accesses the File menu of a window

More options (

Phones spill secrets of previous users

September 1, 2006

Secondhand phones purchased over the Internet surrendered credit card numbers, banking passwords, business secrets and even evidence of adultery. (

MSGCU Phishing Hole in Korea

August 31, 2006

We have received several of the following recently:

The link is:
But really goes to, The is just a location to bounce it off so you cant see the real URL and is actually the name of a subdirectory at is part of the ISP in Korea, owned by, also in Korea.

The index page at is not properly configured:

Contains a system message in French about configuring PHP. From this page you can see that this phisher not only has a fake MSGCU interface but also a fake NorthFork Bank interface. The meat of the matter? A form that requests your credit card number and PIN:

If you receive one of these emails you can send them to us and/or to Michigan State & Government Credit Union(MSGCU) at: and the admins at,,

Hackers steal AT&T customer info

August 30, 2006

Company notifying nearly 19,000 customers; online store shut down hours after breach occurred. (

National Credit Union Administration Develops New On-Line Banking Guidelines

August 29, 2006

Credit Unions have certainly not been exempt from phishing attacks. The Federal Financial Institutions Examination Council (FFIEC) has released new guidelines(below) and all credit unions are expected to be in compliance by the end of 2006.

August, 2006 Guidelines - pdf (
Authentication & Anti-Phishing Technologies (
Financial Services Alert June, 2004 - pdf (
August, 2001 Guidelines - pdf (
NCUA online risk assessment reminder (
FDIC Memo - pdf (
Also see KnujOn news item: Bank of America uses Personal Icons to Fight Phishing

MailWasher Registry Patch for KnujOn

August 28, 2006

MailWasher has provided a registry patch that will allow email to be forwarded to KnujOn. We know some of you have created your own registry hacks for this, but we did not want to go forward with it officially until we had spoken to them directly. More Information.

Scientology v. the Internet

August 25, 2006

With some of the news about Tom Cruise and Scientology it may be useful to review some of the controversies with Scientology and Internet privacy and free speech.
Scientology v. the Internet(

Hacking and "Cap'n Crunch"

August 24, 2006

The relationship between a kid cereal and the culture of hacking: Hacking and "Cap'n Crunch" (

This is partially because of the prize whistles in cereal boxes that reproduced a 2600 Hertz tone needed to make free phone calls. See Phreak (
The Greatest Hacks of All Time (

Bank of America uses Personal Icons to Fight Phishing

August 23, 2006

SiteKey (


August 22, 2006


WE have lowest prices for MEDS, it's on SALE now

__   __(_)  __ _   __ _  _ __   __ _  /00000\   0     0     ___   ___   __  __ 
\ \ / /| | / _` | / _` || '__| / _` | 0     0  00    00    / __| / _ \ |  \/  |
 \ V / | || (_| || (_| || |   | (_| | \000000 0 0   0 0   | (__ | (_) || |\/| |
  \_/  |_| \__,_| \__, ||_|    \__,_|      0    0     0    \___| \___/ |_|  |_|
                  |___/                   0   00000 00000 0

extinction zGM 

August 18, 2006

Today we received rejected email(bounceback) that spoofed our contact address. This is one of the most common tactics in the spam world. Spammers forge someone else's email address to send junk mail. When it is rejected the rejection message is returned to the forged address and not the real sender. When an organization like KnujOn is targeted with this tactic it is often not merely an attempt to send forged junk mail but also to smear us. It is a common revenge tactic by spammers who have been exposed or shutdown.

So, how will you know if an email from KnujOn is fake or real? It is easy.

  • KnujOn will never send you advertisements for mortgages, penis enlargement patches, and the like.
  • KnujOn sends all correspondence in plain text, not HTML. Our email notices are devoid of image attachments and all URLs are unmasked.
  • You may view the headers of suspect email messages and see where it really came from
  • We only send report notices once a week or send emails in answer to specific issues concerning the project
  • There is no software to download or security to update with KnujOn. Any emails indicating such are false.
Send any spoofs to

Is Your Internet Explorer Crashing?

August 17, 2006

Recently you may have noticed an increase in IE Crashes. You receive this pop-up:

Microsoft Internet Explorer has encountered a problem and needs to close. We are sorry for the inconvenience.
Followed by a request to report the error and/or restart IE. This is being caused by the most recent Microsoft Patch. A patch for the patch will not be released until August 22.

Microsoft patch can cause IE trouble
Microsoft To Fix Patch That Crashes IE
Microsoft patch can cause IE crashes

MS Support Article
MS Crash Report FAQ
CNET Discussion Thread
Manage Internet Explorer Error Reporting(instructions for disabling) IE 7

AOL's Search for (Internet)Pirate Treasure

August 16, 2006

We know AOL is desparate for cash!

Company seeks millions in damages from spammer, searches for gold bars believed to be buried on his Massachusetts property.

What is also interesting is that there is no mention of this on AOL's own news section.

Internet Confuses Privacy Issues
List of Dell laptop batteries recalled
Civil-Liberties Group Files Complaint Over AOL Data Breach
What is RSS?

FCC cracks down on 'fake news'

August 15, 2006

I guess you could call it "Spam for Television":
Owners of 77 TV stations queried on paid video stories

Microsoft: MMO games face security risk
U.S. Fights Online Gambling with Arrests
Microsoft releases 12 security fixes
Microsoft to hackers: Take your best shot

Obvious Spam Passes Commercial Filters

August 14, 2006

This is the second piece of obvious junk mail in a week that has gone undetected by various commercial filters. The content is in a Microsoft Word document:

Author: William Esther
Company: Phoenix Management Corporation

Back2School Software Blowout Sale!
Stop overpaying for software.
Buy OEM Software today, Download INSTANTLY & Save Over 85%!

Microsoft Office 2003 Professional w/Contact Manager
Retail Price @ Staples: $549.95
Exclusive Sale Price: $69.95

Windows XP Professional Includes Service Pack 1
Retail Price @ Staples: $249.95
Exclusive Sale Price: $49.95

Adobe Photoshop CS2 v 9.0 #1 Rated Photo Editing software
Retail Price @ Staples:  $599.95
Exclusive Sale Price: $69.95

Adobe Acrobat Professional v 7.0 Essential for Web Documents
Retail Price @ Staples: $449.95
Exclusive Sale Price: $69.95 

Visit our Website and get yours today!

This is part of the extensive Paul Gregoire/Alex Rodriguez/Ad Latjes network of "cheap software download" junk mailers.

Thunderbird Extension Mirrors

August 11, 2006

List of mirrors for downloading the Mozilla Thunderbird extension for KnujOn here.

Who Else is Talking About KnujOn?

August 10, 2006

CastleCops has 2 discussion boards for KnujOn, but threads have been running in a few other places as well:

The Original BlueFrog Fan Club and news Source

How Hizballah Hijacks the Internet

August 9, 2006

The group pops up on unwitting Web sites around the world in order to communicate, recruit and fundraise

It is important to note the trend cybercrime moving beyond random vandalism and commercial subterfuge and into politics and international struggles. It is nothing new but it is becoming more frequent. Last year millions of spam emails were sent all over the world with anti-Turkish sentiment(most were in German) just before a vote to admit Turkey to the EU. Turkey was not admitted and it is difficult to tell the impact these emails had on that decision(back-story). Last year's French riots saw the influence text messages, email, and weblogs among the rioting youth(back-story).

Election Day Hacking?

August 8, 2006

Lieberman Accuses Lamont Supporters of Hacking Web Site

Junk Mail Sails Through Commercial Filters

August 7, 2006

A junk email titled "Billing Update, Charges for Account" with the attached file: "invoice.doc" floated right past 2 commercial filters we've been testing. The email is blank and the attachment has all the spam. It references which is part of the extensive Paul Gregoire/Alex Rodriguez/Ad Latjes network of "cheap software download" junk mailers.

More Reporting Options

August 6, 2006

More forwarding and reporting options now available:
How to send

Junk Mail Reporting with Apple Mail

August 5, 2006

A KnujOn member has supplied instructions for automating Apple Mail with Apple Scripts to forward junk similar to Thunderbird:
KnujOn and Apple Mail

Middle East conflict provokes surge of cyber attacks

August 4, 2006

As the death toll in Lebanon and Israel mounts, the conflict has spilled onto the internet with sudden fury as gangs of computer hackers mount a withering cyber attack on thousands of Israeli and Western websites.

College students warned about Internet postings

August 3, 2006

Incoming college students are hearing the usual warnings this summer about the dangers of everything from alcohol to credit card debt. But many are also getting lectured on a new topic -- the risks of Internet postings, particularly on popular social networking sites such as Facebook.

Restatement of Goals

August 1, 2006
What is KnujOn?

The KnujOn project is a mutli-tiered response to email-borne Internet security threats. The core program is a progressive policy enforcement engine.

What are the goals of KnujOn?

The overall goal is to reduce the threat posed to electronic communications and commerce. This may involve shutting down fraudulent websites, reducing the general volume of junk mail, tracking on-line fraud, assisting law enforcement or fraud investigators, and providing useful information to the public concerning fraud, viruses, and information theft.

For the individual this means a no-nonsense method of reporting junk mail that reduces their personal exposure to threats. It is clear from the frustration of email users that current strategies are not working.

Aside from the main goal, KnujOn also strives to address these issues without:

  • Changing the current structure of email or the Internet
  • Forcing the end user/consumer to absorb the full cost and effort
  • Criminalizing legitimate and responsible advertising

What is the KnujOn Approach?

Part of our plan involves changing the current dialog by encouraging users to stop deleting junk email and start reporting it. And we have been contacting those who already agree and converting those who don’t.

KnujOn does not rely on a single method or technological solution, but is rather an array of evolving methods that take the larger problem into consideration.

Behind the junk mail there is a complex world of electronic fraud, software piracy, bogus products, smuggling, identity theft, privacy invasion, industrial espionage, and general misinformation. KnujOn uses junk mail as the starting point and then goes to the deeper levels.

Using Thunderbird Extensions to Report Spam

July 25, 2006

SecondWheel has been gracious enough to provide a modified ThunderBird Extension for KnujOn reporting. Thunderbird is a mozilla email client. SecondWheel offers tips for using Thunderbird at his site and on CastleCops.

Join CastleCops

July 24, 2006

CastleCops is a great resource for anyone interested in cybercrime or computer security threats.

Updated Forwarding Options

July 23, 2006

Sending options have been updated to include links for Thunderbird.

Spam From the FTC?

July 22, 2006
This forged header is meant to look like it is sent by "", an address at the Federal Trade Commission for reporting spam. The message also contains the Beagle virus. is an address at the 3M corporation but it is highly unlikely that 3M is sending virus spam. However it is possible that there is an infected machine on their network. Yes, even giant companies are victims.

Hexed IP Obfuscation in PayPal Scam

July 19, 2006

Information & Updates

July 16, 2006

The last 2 months have been very exciting and busy for us. The increased attention and participation have pushed the limits of KnujOn. We’ve had a number of problems we have endeavored to address, some you may have been aware of some you have not.

Email Submissions:

As many of you know there were problems with bounce-backs. This had been a minor problem since inception but it was only occasional and seemed to happen more with certain users so it was not a major setback. However, with increased participation the problem became unbearable and seemed to get worse. In response we have created a new reporting address that is bounce-back free.

The increased email submissions have also created a processing backlog that we are nearly through catching up on. To give you all a little status update, especially those who have been patiently waiting for their reports:

Old reporting address( Current, if you are a registered user.
Alternative reporting address( Behind on these, but working on it
FTP: Current
New reporting address: Current if you are a registered users

Internal Operations:

KnujOn was arranged to handle dozens of clients, not hundreds. In the last few weeks we have updated and streamlined our internal process to handle the new volume. We have also simplified the sign-up and application procedure.

Some users have wondered at the single reporting address format, especially those who have many email addresses. We may be changing this in the near future.

The Future:

KnujOn has every intention to expand and improve our service. We look forward to continuing to work with all of you.

Information & Updates

June 22, 2006

The reports are coming early for a few reasons. One is that KnujOn is going on vacation until next Thursday. We also have several important announcements!

We have a new mail server and will be issuing a new forwarding address for it shortly. This will stop the rejects and bounce-backs when reporting. has created two forums for us, one for general access and a private one for KnujOn members. This forum is open to anyone: The second forum requires that you register with castlecops: and be a member of KnujOn. CastleCops is a great resource and we recommend it to all of you.

We are also making a number of internal changes that will speed up processing. Stay tuned!

New KnujOn Mail Server to be Released

June 21, 2006

Hello to all the long-suffering KnujOn submitters! While they would never admit it I believe that our ISP has increased the restrictions on email forwarded to us rather than loosened them at our request. In addition, our formerly reliable alternative reporting address is also bouncing back messages. My guess is that they have watched the increase in blacklisted email being forwarded to these addresses and have turned up the blocking.

However, a dedicated KnujOn mail server will be ready within the next few days. The new reporting address will be sent directly to members. The current reporting addresses will still be valid! For those using FTP this will also continue to be available but may eventually be replaced with a custom interface.

Thanks for your patience in this issue!

The Future of E-mail

June 20, 2006

Technologies emerging from R&D labs will make e-mail more productive and give it new roles in the next few years.

CastleCops Hosts KnujOn Discussion Forum

June 19, 2006 has been kind enough to host a KnujOn Forum. Please make use of it! CastleCops provide a priceless resource to the Internet community by aggressively addressing security issues and supplying useful information on the multitude of threats in the modern electronic world. Many of KnujOn's recent new members have come to us via CastleCops.

Message from Knujon

June 18, 2006
Forwarding Emails/Rejects and Bounce-backs

This is obviously an issue that is very important to us. As stated previously the reason we do not host our own mail server is not because we don’t know how, it is because not hosting it has certain advantages(and disadvantages, obviously).

For those wonder why we have not done anything about this yet, it is because we are carefully considering various options and testing them before we make a decision. The decision is coming soon.

To answer a question: is in fact a legitimate alternative reporting address.

To clarify or correct some statements made: Our ISP blocking is based on a list of blacklisted sites obtained from spamhaus. Emails with this links to these sites are rejected. KnujOn has several problems with this model.

  1. We believe that content blocking is a seriously flawed model for addressing the spam problem:
    The Pushdown Network
    Why Content Blocking Does Not Work
  2. ISPs have put themselves in the position of censor and moderator for email users. ISPs interrupt communications without checking with user. We can appreciate the difficult position they are in, they are under siege from security threats and the bulk of users are demanding that they do “something” about it. Many legitimate emails are blocked and some service providers have been sued because of this(Verizon). If they want to continue to block suspicious email that’s fine, but DO SOMETHING WITH THE EMAIL AFTER instead of deleting it.
  3. The block and delete model does not protect the email user. Junk mail still gets through and the irony is that blocking keeps the user from then reporting it.


Some may be wondering why they haven’t received their reports yet or why the reports have not changed since the previous week. There are several answers.

Because of increased membership we have had to completely overhaul our reporting system. We have streamlined and simplified the procedure on our end which will save us much time. Everyone with current reportable data will receive those reports today or Monday.

Some Knujon members report mostly stock junk or “Nigerian” scams. These do no produce data that appears in our reports. Does this mean we are not processing them or taking action? No, it just means that our report format does not currently allow these items to be listed. Will this be the case always? No, we will modify the reports to include this information eventually. Keep forwarding non-site specific junk mail to us.

We have received many new formats of from our newer users that we had not seen before and some formats were causing errors in the process that had to be addressed before we could proceed. This is a critical point of testing as it allows us to expand and improve the overall process!

Some junk email is not processed immediately for reports because they require special attention, but they are being processed. As stated we do not rely on a single method for addressing the junk mail problem and some samples fall into “interesting” categories that are held over.


We are aware that many have applied an not received word yet. We are now looking at a one-week turn around for applications. This is mainly because we attempt to verify the applications before accepting them.

Getting Information Out There(Issues, questions, Thunderbird/Mailwasher/BlueFrog)

We receive a number of questions about the methods used for reporting junk mail, namely the use for Thunderbird or a modified BlueFrog module. We are acutely aware that many of our participants have important technical expertise and tips to share with other users. CastleCops has been gracious enough to create dedicated forums for Knujon, one public one for registered members. We are looking forward to using this a place where concerned individuals can trade and discuss useful information.

We have relied on our site and our weekly reports to get information out, but CastleCops has proven to be vital location for addressing email security threats. Cooperation between Knujon and CastleCops will hopefully continue and grow.

General Information about Knujon’s Process

Knujon is more a tortoise, rather than hare, approach to the problem. We are a plodding, long-term approach to the problem. We are constantly reviewing and revising our model. Like street crime, spam will never be completely eliminated. Email-borne security threats, however, can be managed and reduced. Right now, the problem is not being managed or addressed properly.

Thank you for your participation and especially thanks to CastleCops!

Thunderbird Extension for KnujOn

June 17, 2006

For those familiar with Thunderbird, Secondwheel has developed a version to be used with Knujon. You can find it here:

Email Forwarding/Submissions

June 5, 2006

Rest assured we are working very hard to address email forwarding issues.

For registered users we will be issuing additional information with the weekly reports tonight.

Non-Western Characters: This issue should be resolved, but may come up from time to time. If it does please send us the full error message.

Mailbox Full: The increased volume of submissions in the last two weeks has caused some occasional backups in processing. These should only be temporary when they come up, but we understand that this is inconvenient when you are in the middle of reporting so we have added additional reporting addresses to be released with the weekly reports.

Rejected Submissions: This has been a problem from the beginning of the project but it was rare and manageable. In the last two weeks it has become more and more of a problem. We are, however receiving thousands of submissions(hence the full mailbox) and we are looking at permanent solutions to the problem.

FTP Submissions: The FTP submission method will be available and instructions will be issued to registered users with the weekly report tonight.

Thanks for your support!

Sweden's National Police Website Shutdown by DoS Attack

June 2, 2006
"STOCKHOLM, Sweden (AP) -- The Web site of Sweden's national police was shut down after a hacker attack that investigators on Friday said could be a retaliation for a crackdown on a popular file-sharing site called The Pirate Bay. "

Hacker attack shuts down Swedish Web site

EU steps up battle against hackers and cybercrime

June 1, 2006
"BRUSSELS (Reuters) - Sending alerts on breaches of Internet security will be explored as part of wider steps to combat hackers and cybercrime, the European Commission said on Wednesday. "

Reuters via

Codes on Sites 'Captcha' Anger of Web Users

May 30, 2006
"Captchas -- the jumbles of letters that users must type to gain access to some Web sites -- are a growing irritation for Internet surfers. But programmers hope to make new variations that are both easier to decipher and harder to crack." discussed this issue months ago. require registration)

Fake System Alerts

May 27, 2006
Have you ever seen one of these?

This is not a real system message it is junk message made to look like a system message. Sites associated with this kind of fake system message:

Don't go to any of these sites. You can stop the messages by disabling Windows Messenger Service(Control Panel, Admin Tools, Select "Services", find the "Messenger" service, right-click and Stop. Also set to manual or disabled rather than automatic or boot). This is not the same as Instant Messaging.

More Information:

Knujon Statement for New Users and Applicants

May 26, 2006
In an effort to address questions from new users and applicants we have posted a statement that should address many of these questions.

Hole in Symantec

May 25, 2006
Company: Hackers can crack top antivirus program

Data on 26.5 million veterans stolen from home

May 24, 2006
Personal data on about 26.5 million U.S. military veterans was stolen from the residence of a Department of Veterans Affairs data analyst...

Forwarding Junk With Non-Western Character Sets

May 23, 2006
Some users had reported problems forwarding junk with non-western character sets(Russian, Chines, etc). This issues has been addressed. If you continue to receive rejections because of this please send the rejection message to

Message to New Members and Applicants

May 21, 2006
First of all, welcome! We appreciate your interest and participation. The increased activity has caused a few minor problems for us that we will endeavor to resolve.

New Applications: The turn around time for new applications may be longer than usual because the number has increased significantly. If you have not heard back from us yet you will in the next few days.

Reporting Mailbox Full: The volume of mail we usually receive has increased 500% in the last 2 days. We have added more space to compensate.

Rejected submissions: There are multiple reasons why mail may be rejected and some are beyond our control, but be assured we are working on the problem.

Check back here for updates!

Anti-Spam Company Attacked by Spammers

May 19, 2006
Blue Security(site may not be up) an anti-spam company that had some real success has voluntarily closed its operations after a cyber attack by spammers. Blue Security's Blue Frog software was somewhat controversial but effective. The fact that such a large attack was conducted against Blue Security shows how much money is at stake on the other end.

Read article:

Concerns About KnujOn

May 18, 2006
Recently some concerns about KnujOn have shown up in blogs and discussion threads and we would like to address them. Hopefully the comments below will be helpful, if not please contact us:

Is KnujOn going to charge for personal use after the beta testing?
At the moment we have no plans to charge our personal clients.

Is KnujOn just a scam to harvest email addresses?
Absolutely not, please read our privacy policy:

Some spammers pretend to be anti-spam companies
True, but KnujOn is not one of them. KnujOn is often presented at law enforcement conferences and security seminars.

Attempt to Use U.S. Agency for International Development in Fraud

May 12, 2006
Bellow is an email received today using references to USAID, an American agency that provides assistance throughout the world. Really from a Romanian ISP,

Dear Sir/Madam,

please do not be embarrassed as I would like to request your assistance 
in a business transaction of mutual benefit, I am Franklin James,and a 
member of The U.S. Agency for International Development (USAID), our 
committee is in charge of contracts awards and payment for all 
contractors who executed contracts in the rebuilding of Iraq. The contract award 
is still going on right now by our Agency in Iraq.A contract was 
awarded to Bechtel Corporation of of San Francisco, California on April 17, 
2003 which includes-rehabilitation of power generation facilities, 
electrical grids, municipal water systems, sewage systems, airport 
facilities, the dredging, repair and upgrading of the Umm Qasr seaport and 
reconstruction of hospitals, schools, ministry buildings, irrigation 
structures and transportation links; goal is to repair or rehabilitate up to 
100 hospitals, 6,000 schools (out of approximately 25,000), up to six 
airports, and one southern seaport.The total contract sum was valued for 
US$680 Million (Six Hundred And Eighty Million United States Dollars) 
The contract was fully executed and commissioned and certified OK  by L. 
Paul Bremer, the former U.S. administrator of Iraq on the 4th of August 

In the course of my work with USAID, I recently discovered that the 
contract was over-invoiced by our agency to the tune of  US$36.5M which is 
now left in Security Deposit & Finance Company in Iraq. I have made a 
deal with the committee members to have a neutral person stand as the 
beneficiary That is my reason for contacting you.Due to attacks by 
insurgents everyday and car bombing Iraq, it is not advisable that you come 
to Iraq to claim the cash payment from the Security Deposit & Finance 
Company. We will have the consignment shipped in your name to Germany so 
that you can  collect the money. The mode of sharing shall be discussed 
by percentage after I have heard from you.

For security reasons, it will not be wise to make a bank to bank 
transfer considering the amount involved, but if you can go in person and 
collect the Money, you can then transfer it gradually into various 
accounts with the help of the Diplomats that will bring the consignment to 
Germany.Please if you are not interested, I will be very greatful if you 
keep this to yourself because I am still in active service.I am sure you 
will handle this news> with maturity.I am presently in Iraq and I cannot 
receive foreign calls for security reasons. We shall communicate by 
email. I will only call you when necessary.

Franklin James
Contract Award Committee


May 8, 2006
Protect yourself from the ZQuest Trojan adware/spyware. More information.

Shutdown Count Nears 3000

May 1, 2006
The Shutdown Count nears 3000 and should reach it this month.

Phisher Uses Hexed IP to Mask Fake Link

April 25, 2006
We have seen obfuscated urls in the past, phishers and spammers that replace characters in a domain address with their hexadecimal equivalents. Example: %2E%63%6F%6D is ".com". However, today KnujOn received a PayPal scam with this link:


0xd8daf761 is a hexadecimal conversion of the ip address: which is a free member bulletin board in French(Oddly enough .ws is the TLD for Western Samoa). is a jumble of postings and one of the first is "the internet is shit" which is poignant given the situation here.

At any rate, be on the look out 0xd8daf761 style urls, KnujOn is set to catch them!

One-Third of sites tracked by KnujOn Shutdown

April 24, 2006
So far 33.5% of the sites tracked by KnujOn have been shutdown, the rest will go in time. They have been shutdown because our users send their junk mail to

Protect Yourself from Surf SideKick

April 19, 2006

Fake E-Mail Topples Japan's Opposition Party

April 15, 2006

Beware of tax refund 'phishing' scams

April 14, 2006
Scores of fake sites tempt Web users with schemes posing as IRS

"Sextuplet Hoax" Couple Used Website, PayPal to Collect Money

April 13, 2006
Theft charges in sextuplets hoax

KnujOn Alert System

April 6, 2006
Sign-up: here

Ripping Snail-mail Credit Card Applications Not Enough

April 5, 2006
A must read: The Torn-Up Credit Card Application. This man proves why simply ripping up a mailed credit card application will not protect your identity from possible theft and credit card fraud.

Some advice on these: take the pre-paid envelope and mail the unused application back rather than throwing it away. If you are shredding documents, shred them at an angle to make it hard to piece back together.

New KnujOn Alert System Coming

April 4, 2006
KnujOn will be adding an alert system soon for banks and on-line companies. Please contact us for more information:

Spam news Stories and Links

April 3, 2006
Spyware-Powered Click Fraud Traced to Yahoo
Spammers take aim at HR departments
Verizon tentatively settles e-mail suit
Neighborhood watch for phishing
Phishers stick the boot into World Cup fans
Web sites that exploit a recent Internet Explorer flaw
Web sites that exploit a recent Internet Explorer flaw
Web sites that exploit a recent Internet Explorer flaw
Spyware company denies software is malicious
Spyware company denies software is malicious
Why phishing works
Phishers set hidden traps on eBay
Fighting fraud by baiting phishers
Why phishing reels punters in
Anti-Phishing Tips You Should Not Follow
Fake E-Mail Topples Japan's Opposition Party

Chase Phishing

April 2, 2006

Really links to:

More Chase Fraud

A Very Bad Idea for Addressing Spam

March 25, 2006
Marlborough Firm Pushes Payment System To Cut Spam

This company is proposing a per-email fee to combat spam. Not only is this unnecessary and excessive, but it wont work. Snail-Junk mailers spend lots of money filling mailboxes with thick envelopes and catalogs. Besides, spammers are not above hacking to send email. I doubt this is a serious proposal for ending junk mail, but rather an attempt to make money off of email. This proposal works against some of the basic principles of the Internet, namely that everyone can get on cheaply and then spend money while logged on. Increasing the bottom line cost of using the Internet will lower usage and cut down on on-line profits. Since plenty of companies will offer "free" email service to compete with the fee-based email a mandated fee would amount to a tax that would have to come from the U.S. Federal government. How would this be regulated in foreign countries? This proposal would be a disaster. As this site believes the best way to address the issue is through policy enforcement, information and tracking.

Revenge and Smear Spamming

March 24, 2006
The point of revenge or smear spamming is to make it appear that one site is sending junk mail when they are really not in order to ruin that site's reputation and get them on blacklists. The following are some recent examples:

We offer best way for investment.
(Really from a Verizon account)
300% profit per month is TRUE! Visit our site.
(Really from a Bangkok ISP)
Don't lose your chance to make really good investor carier!
(Really from a China ISP)
Don't lose your chance to make really good investor carier!
(Really from a German ISP)

All of the URLs in these messages are domain registration services. The reason, they probably suspended the spammer's sites and this their revenge.

Fidelity says stolen laptop held data of customers

March 23, 2006
Fund company sends out security alerts to 196,000

Tax preparers may be selling personal financial information

March 22, 2006
Don't blindly sign on the dotted line

Watch Out for Mirar Spyware

March 17, 2006
Have noticed an additional toolbar on your Browser called MIRAR? If so you have a spyware virus on your PC. read more. The "uninstall" link for MIRAR actually links to their website and phony form that requests personal information that has nothing to with uninstalling the program. Never fill forms like this out.

The purpose here is to a) deter people from uninstalling the spyware or b) gather more personal information. Read more.

27 charged in child porn sting

March 16, 2006
Internet kiddie-porn ring stopped

"Pump and Dump" Stock Junk

March 1, 2006
What you can do about stock junk


The Pushdown Network

February 28, 2006
What is the Pushdown Network?

Why Content Blocking Does Not Work

February 22, 2006
Why Content Blocking Does Not Work

Questionable Policies at

February 20, 2006 has a posted anti-spam policy:
If you have received unsolicited advertising material which you believe was either sent by a user of MySecretFolders or as a result of using our services, please let us know.

But is using spam to sell their product? Several of our clients have received emails like this:

with forged headers. The emails link to which forwards to Both and are run by a notorious spam organization.

Spam, On-Line Porn, and Murder

February 15, 2006
Continuing sad saga of Neil Entwistle... Spam site boasted of ‘the magic bullet’ On the scene: Live updates from the Entwistle arraignment Internet sex dealings date back years for Neil and changes again

February 4, 2006 and are using fake spyware scan pop-ups instead of porn.

Do not click on the download button if you have this pop-up. Use a real spyware scan to get rid of it: HijackThis.

Boston Globe Gives out Customer Credit Cards on Recycled Paper

February 3, 2006 Fraud follows Globe goof: 3 say others used their credit cards . In short invoices with lists of 200 thousand customer credit card numbers and expiration dates were recycled and turned into batch tickets placed on top of delivered newspaper stacks. Some of these numbers have already been used fraudulently. Proof that personal data is never completely safe if more than one person has it.

Kama Sutra Worm

February 2, 2006 Kama Sutra worm hits home

eBay phishing saga

January 30, 2006
eBay phishing saga by Richi Jenings who also runs Now Porn Site not "Anti-Spyware"

January 27, 2006
Apparently is no longer claiming to be an anti-spyware site but is now pushing porn.

Removal, more information

New Page Dedicated to Phishing

January 26, 2006 changes Look of Spyware Ad

January 25, 2006
First noted on Jan 22, this type of fake spyware scan can be very dangerous. Their pop-up window has changed:

They are listed as "Rogue/Suspect Anti-Spyware Products & Web Sites" by Read more.
More on Spyware.

Anti-spyware guidelines get final version

January 23, 2006 Anti-spyware guidelines get final version

Fake Spyware Scans

January 22, 2006
You may have had a pop-up window like the one below:

Do not click on the links in this window. These advertised scans are often launched by viruses or spyware that have already infected your PC. Downloading the software will "fix" the virus problem and in turn expose you to more spyware and viruses. Some companies have infected PCs with spyware and then billed users to have them removed. The above pop-up links to and They are listed as "Rogue/Suspect Anti-Spyware Products & Web Sites" by Read more.
More on Spyware.

Over 2000 Pending Site Suspensions

January 21, 2006
There are now over 2000 pending site suspensions just from the beta testing.

FBI: Online attacks common for businesses

January 20, 2006

News from 2005 has been archived.

Privacy Policy and Mission Statement
All Content at Copyrighted by KnujOn, LLC.
KnujOn and Coldrain are not responsible for content at external sites