News - 2006 Archive
Archived 2006 News, for current news click here
December 29, 2006
We've received hundreds of submissions referencing sinmatch.com and they are in fact being Joe-Jobbed.
December 28, 2006
We're not surprised by this, just surprised it took so long to see one. Evite.com is
free service that allows users to send electronic invitations to parties. The service
allows people to send mass emails that link to pages on Evite.com, we always knew it was
only a matter of time before the scammers started using it. The one bellow
links to an Evite page that has a typical junk mail message.
Evite.com is a completely legitimate service that is not involved in spam. Does this mean that Evite.com will now be blocked? Yet another reason why content blocking will not solve the problem.
December 27, 2006
A haven for scam artists, MySpace.com users are vulnerable to a plethora of cyber crimes including identity theft - MySpace.com scams are on the rise - Thieves lure victims with explicit photos in profiles - Site created team that monitors unwanted posters (cnn.com)
December 26, 2006
NEW YORK (AP) -- Windows Vista, the new computer operating system that Microsoft Corp. is touting as its most secure ever, contains a programming flaw that might let hackers gain full control of vulnerable computers. (cnn.com)
December 23, 2006
The U.S. Securities and Exchange Commission put a suspected Russian brokerage-account thief's money on ice this week, after he allegedly used illicit access to people's online portfolios to drive up stock prices. (securityfocus.com)
December 22, 2006
The Open Relay DataBase, the spam fighting organisation that lists open relays historically exploited by spammers to send junk mail, is to close down at the end of the year, five and a half years after it was first established. (theregister.co.uk)
December 21, 2006
We're working very hard this week to identify the client accounts that have report issues. We have already resolved a number of them. Many new members will receive the first report today or tomorrow. We have notified users who have outdated Thunderbird or Okopipi plugins and there is an additional issue that we are currently working on that seems to be affecting a minority of users. Thanks for your patience.
December 20, 2006
“In October of 2005 I was receiving, on average, 100-130 junk emails per day. I thought the only thing I could do was
delete them and hope I stopped receiving them. Then I joined KnujOn. Instead of simply deleting my junk email, I
forward them to KnujOn. Within a month, I noticed a decline in the number and variety of junk email I received. Now,
more than a year later, the amount of junk email I receive has been reduced by about 70%. Clearly, KnujOn is performing
as promised. With more than 10,000 websites shut down and counting, KnujOn is leading the fight against internet spam
and junk mail whose intent may be malicious, and I am glad to be one of the members of KnujOn fighting back.”
December 18, 2006
Anyone concerned with privacy issues and identity theft knows about the concept of "Dumpster Diving" or
going through corporate and personal garbage to find crucial data. News articles regularly appear detailing data found
on un-erased disks and documents discarded by companies and government agencies:
December 15, 2006
As many have noticed there is has been a spike in junk mail from ui726.com. Some you have
also noted that this site does not remain shutdown for very long. We have made a special case out of this
and will update everyone as time permits. For reference they in China, hosted by dns.com.cn(also in China). The
entire site is in Chinese but we have translated the spam policy. It is a very rough, very literal translation,
we don't claim to speak Chinese(not yet anyway):
To post a policy is one thing, to follow through is another. We are going to test them to see if they stick to their policies. It is worth noting that even though the policy is posted they have no method for filing a report. This is often is a sign of a registrar/host who is not in full compliance.
December 12, 2006
A New York Times article by Brad Stone on the state of spam
(Spam Doubles, Finding New Ways to Deliver Itself)
confirms everything KnujOn has been saying for 3 years. In
articles, presentations, whitepapers, editorials, lectures and regular news updates at this site KnujOn has repeatedly
put forth the argument that content blocking and filtering alone will
not solve the problem. We have 8 main arguments against relying on spam filtering. See how quotes from this article match
up to those points:
Mr. Stone's article is interesting for many reasons but one is glaring, that the overall message seems to be that filtering and blocking has failed yet all the "new" ideas out there are recycled versions of the same old ones. However, it is important to note that the programmers of filtering software have come up with some amazing algorithms and code but they are looking through the wrong end of the microscope. We at KnujOn are not just throwing out casual criticism, KnujOn actually has a plan to fight the problem.
December 11, 2006
A major key to setting counterfeit goods is deception. The potential customer has to be tricked into thinking that
the offered product is(or is as good as) the genuine article. In this pursuit junk emails will use names and images
of name-brand products to sell "replica" or imitation. This, in and of itself, is bad enough. The junk mailer below went
a step further and used a forged ScanAlert HackerSafe seal in emails and their websites.
ScanAlert is a service that verifies sites for their security level and then provides a seal so customers know the
site is safe for e-commerce. This attempt to use the seal without permission continues to undermine consumer trust.
Compare the junk mail on the left with a real ScanAlert approved site on the right:
December 10, 2006
Recently some of you may have noticed an increase in image-only(no html, url links or text) drug junk. We see this as progress and a reaction to efforts by services like KnujOn. There are those who see this as a threat, but don't worry, it's a minor issue and KnujOn already has a pre-process for this type that is applied before putting it through the core engine.
Most of the sites advertised have pending actions against them.
December 9, 2006
December 8, 2006
December 7, 2006
"Could this be a new Bluefrog?" (freevidweblog.com)
December 6, 2006
PROVIDENCE, Rhode Island (AP) -- Hackers attacked the computer network at the Naval War College in Newport, taking down the school's network for more than two weeks, including some e-mail services and the college's Web site. (cnn.com)
December 5, 2006
A completely legitimate email advertisement from AT&T Credit Cards contains completely stupid content which makes it appear to be a
phishing email. It was reported to us by a suspicious and cautious KnujOn member, problem is it's real.
December 4, 2006
This weekend we clocked our ten thousandth site shutdown(and then eleven thousand this morning). It is a big milestone for KnujOn just as the first 100 and first 1000 were. However, you should all give yourselves a big pat on the back as well since it only happened because you all submitted junk mail. Thanks for your support!!!
December 3, 2006
LOS ANGELES, California (AP) -- A Romanian man has been indicted on charges of hacking into more than 150 U.S. government computers, causing disruptions that cost NASA, the Energy Department and the Navy nearly $1.5 million. (cnn.com)
December 2, 2006
Three items that everyone should know about for their own protection when it comes to junk email.
Spammers use all kind of methods to obfuscate the true location of links within emails and we have
seen evidence of these recently:
December 1, 2006
WASHINGTON (CNN) -- A Department of Homeland Security advisory cautioning that al Qaeda may be planning cyber attacks on banking and financial institution Web sites was issued out of an abundance of caution, although there is no corroboration, a DHS spokesman told CNN Thursday. (money.cnn.com)
November 30, 2006
November 29, 2006
"The leadership of the electronic Jihad has decided to undertake a grand attack against the official Vatican site following the insults by the Pope against our Prophet," the statement read in Arabic, referring to remarks the Pope made in a September 12 speech. (newsmax.com)
November 28, 2006
Trying to piggyback on popular services like SnapFish, this spammer is using fake
vacation photo forwarding to push software:
November 27, 2006
November 22, 2006
Anti-Spam Update - Knuj0n and Boxbe (cleverhack.com)
November 21, 2006
Anti-Spam Strategies That Work (curezone.com)
November 20, 2006
BEIJING, China (AP) -- The easing of a ban on the popular online encyclopedia in China was short-lived. Barely a week after Wikipedia viewers were able to access the Web site -- after a year-long ban -- they reported Friday that it was blocked again in several parts of China.
November 19, 2006
November 17, 2006
Very clever, random numbers, bypasses filters! Forwarded to SEC, not sure if they will even know what it is...
What is ASCII?(wikipedia.org)
What is ASCII Art?(wikipedia.org)
Stock Junk information
November 16, 2006
"There are other links on the KnujOn website, leading to heaps of information, all of which contain (to me, at least) very convincing arguments in favour of reporting spam, not just deleting it. " (exetel.com.au)
November 15, 2006
PHILADELPHIA, Pennsylvania (AP) -- About 1 percent of Web sites indexed by Google and Microsoft are sexually explicit, according to a U.S. government-commissioned study. (cnn.com)
November 14, 2006
The Internet is full of fantastic deals for airfare, hotels, car rentals and even whole vacations. This
has opened the door to fraud and deception. The success of LowestFare, Priceline, Hotwire, Expedia, and Orbitz
has generated many other travel services that may or may not be legitimate. There are a few simple rules for picking one
of these Internet deals:
What are some things that have happened to folks who use less-than-reputable travel services?
Let's take a look at 2 services someone told us they had trouble with: CHEAPTICKETSCANCUN.COM and TRAVELCOMM.COM. Everything seemed fine at first until they discovered some fees that were not documented previously. They called CHEAPTICKETSCANCUN.COM to resolve the matter and claimed that they were put on hold indefinitely, spoken to rudely, hung up on, etc. They haven't actually taken the trip yet but they are worried. This could have all been avoided by looking at the history of these companies before making a purchase.
In the example of CHEAPTICKETSCANCUN.COM there is no physical address of the company listed on their website, just a phone number. Compare this to Expedia.com who list their mailing address clearly in the site's legal info. So then where is CHEAPTICKETSCANCUN.COM registered you may ask? They are registered in Arizona through a anonymous proxy service, but the company is not in Arizona. The company is registered in Florida, but not under the name CHEAPTICKETSCANCUN.COM. The real company name is: Mexico Vacations, TC Lakehurst Orlando, FL 32802. In checking review sites it is easy to find that tripadvisor.co.uk has a review of them and it's not pretty.
On to TRAVELCOMM.COM. A review of a BBB report shows that TRAVELCOMM.COM has had over 300 complaints in the last 36 months, about 10 complaints per month. Of these complaints 92 are unresolved at this time. This means you have a 30% chance of being ignored if you have a problem with them. In addition TRAVELCOMM.COM has been issued citations(and not the good kind!) by the FCC and FTC for sending unsolicited advertising. Still haven't made up your mind? Read this review(ripoffreport.com).
Knowing this ahead of time, would you have purchased a vacation through them?
November 13, 2006
November 3, 2006
November 2, 2006
There was a link error at the bottom of the report pages last week. This has been corrected.
November 1, 2006
Saad Echouafni, head of a satellite communications company, is wanted in Los Angeles, California for allegedly hiring computer hackers to launch attacks against his company's competitors. On August 25, 2004, Echouafni was indicted by a federal grand jury in Los Angeles in connection with the first successful investigation of a large-scale distributed denial of service attack (DDOS) used for a commercial purpose in the United States. In a DDOS, a multitude of compromised systems attack a single target causing a sustained denial of service for its customers. The investigation, codenamed Operation Cyberslam, was initiated in 2003 when a large-digital video recorder vendor based in Los Angeles reported a series of crippling denial of service attacks that effectively halted its business for nearly two weeks. That business, as well as others both private and government in the United States, were temporarily disrupted by these attacks which resulted in losses ranging from $200,000 to over $1 million.
Full Sheet (fbi.gov)
October 30, 2006
October 29, 2006
Maybe you have noticed the same trend, an increasing number of legitimate emails are being blocked as spammers find ways around filters and filter companies become more aggressive to compensate. Here are a few things sent to me that have been blocked:
Below is a statement on Canon.com(copier and camera company):
October 28, 2006
PERTH - A Perth-based company has been fined A$5.5 million ($6.5 million) for sending millions of unsolicited emails, with a judge labelling the spam annoying, costly to combat and a threat to the internet. (nzherald.co.nz)
October 27, 2006
In July a new KnujOn user commented that they were impressed with the 3910 shutdowns but expressed concern that the count would have to be much much higher for a true impact. We know people are wondering where KnujOn is going and what the future goals are. We have plans to address these questions. Up until recently KnujOn was experiment and research. Now we are passing from the experimental stage to true large-scale application.
There is no reason to doubt that KnujOn could pass 100,000 shutdowns in a year. This is a question of scale. In very beginning stages we had 10 mailboxes contributing which lead to 123 site shutdowns in 3 months. This was very exciting because at the time the only comparison we could make was to expensive lawsuits and government investigations that lead to a little over 200 site shutdowns. After 6 months with the 10 mailboxes we passed 1000 shutdowns, which to us was proof of process effectiveness. We expanded to several dozen users and doubled the shutdown count in 6 months. Rapidly increasing participation since spring, 2006 has lead to over 7000 shutdowns and we are confident that we will reach 10,000 in the coming weeks.
We have tried very hard to calculate projections of shutdowns as they relate to increased membership but this has been extremely difficult. Because we have been constantly improving and adding to the process we have been unable to produce a calculated rate of increased success. However, there is a clear correlation between increased participation and increased shutdowns. Because every new user reveals sites, connections and tactics we haven’t seen before. Very often a single email report can lead to a wave of shutdowns.
Because of this plans are in the works to extend the process to as many people as possible and make it as simple as possible.
Thank you for your continued support and participation!
October 26, 2006
TechArena - The Indian Perspective of Technology (techarena.in)
October 25, 2006
NEW YORK (CNN) -- Hackers have been ringing up big losses at America's top online brokerage houses this year after infiltrating company systems and illegally trading millions of dollars, according to the Securities and Exchange Commission (money.cnn.com)
October 24, 2006
SpamCop's WebMail (spamcop.net)
October 23, 2006
Submitted by a Knujon user
October 22, 2006
October 21, 2006
"I know for a fact that I have several shutdowns with Knujon..." (wilderssecurity.com)
October 20, 2006
NEW YORK (CNN) -- Apple computers have long been prized for being relatively virus-free. But as more people use Apple products, experts say the company is increasingly becoming a target for cyber pranksters and criminals writing viruses and other forms of malware. (cnn.com)
October 19, 2006
"We recently discovered that a small number - fewer than 1 per cent - of the Video iPods available for purchase after September 12, 2006, left our contract manufacturer carrying the Windows RavMonE.exe virus," reads a statement on Apple's website. There's no "Windows RavMonE.exe virus", but there are a few viruses which create an executable file called "RavMonE.exe". RavMonE.exe is the name of one of the executable files used by the RAV antivirus software. (playfuls.com)
October 18, 2006
One might think that a site called "librarysystem.net" would give you access to America's public libraries, university libraries or summarize the Dewey Decimal System. However, it redirects to "spurmyouloveit.com" a site selling dubious "medial" products. This is part of the soft deception that erodes confidence in Internet communication.
October 17, 2006
October 16, 2006
Jie Dong is wanted for defrauding Internet auction site users out of approximately $800,000. In the fall of 2003, Dong allegedly offered items on the auction site and collected money from the purported winning bidders. Dong is alleged to have never produced the promised merchandise to the nearly 5,000 victims. Dong is believed to have later fled from the United States to China and may now be in Hong Kong.
Full Sheet (fbi.gov)
October 15, 2006Submitted by a KnujOn member
October 14, 2006
Is there a way to get back at a spam emails? (uk.answers.yahoo.com)
October 13, 2006
The U.K. based Spamhaus Project(site may be down, if so
use google cached page) has been tracking spammers
for a lot longer than KnujOn. Their project is quite different, using blacklists and real-time filtering, specifically through
ROKSO(Register of Known Spam Operations). The have been
sued in a U.S. Court by e360insight.com, an e-mail marketing company that was
blacklisted by Spamhaus. Spamhaus has stated that their shutdown would lead to a deluge of junk mail.
e360insight.com describes Spamhaus as a "fanatical, vigilante organization". While we don't know all the details yet, the
intensity and language is a commentary on how much money is at stake.
ICANN has stated that it can't comply with the court's order.
We'll be following this closely of course!
October 12, 2006
Thanks to Triade Systems there is now
a Python based script that will help gmail users report
October 11, 2006
October 10, 2006
October 9, 2006
October 8, 2006
Antispam engine enhancements proposals (my.opera.com)
October 7, 2006
Comedian 2, Internet Arms Dealers 0 (defensetech.org)
October 6, 2006
NEW YORK (Reuters) -- Microsoft Corp's upcoming Windows Vista computer operating system will include technology that is designed to prevent pirated copies from fully functioning, the software giant said.
October 5, 2006
The Sleazy Life and Nasty Death of Russia’s Spam King (wired.com)
October 4, 2006
Folks often ask where this project is going and what the future plans are, so we are dedicating a page to list future additions to the project and a status of where these items are at the moment. What's Next?
October 3, 2006
The Fight Against Spam (cpatechnologyadvisor.com)
October 2, 2006
October 1, 2006
Could this be a new "BlueFrog"? A true solution to spam? (digg.com/security/)
September 29, 2006
Behind Foley's Swift Fall From Grace (time.com)
September 28, 2006
September 27, 2006
Governor signs bill to halt reverse mortgage scams (insidebayarea.com)
September 26, 2006
The following is a sample of a typical response from a junk mailer:
There is a failure of logic in this response. On the one hand they deny any responsibility and then proceed to instruct us to use the unsubscribe instructions. However, it is a reasonable suggestion to use the unsubscribe instructions except that the "unsubscribe" link lead to a dead site. This is why KnujOn is needed, because of the deception and intimidation that runs unimpeded on the Internet.
September 25, 2006
Submitted by a KnujOn user
September 24, 2006
Like everyone else out there spammers spoof KnujOn.com in their messages, specifically "yourjunk@KnujOn.com". For those not familiar with the concept of spoofing, it is possible to alter an email's header information to conceal where it really came from. If a spoofed email is rejected by the mailbox it was sent to for any reason it will usually be routed back to the faked address. This means that there are often lots of rejection messages received by yourjunk@KnujOn.com while yourjunk@KnujOn.com is not used to send email, it only receives. Where is this discussion going? The point is that all these rejection messages are dumped into the process and the spam sites get shutdown. The spammers are in-effect committing suicide by spoofing the yourjunk@KnujOn.com address.
September 23, 2006
The process for joining KnujOn has been simplified. All the options are now available on a single page and clearly defined. Click the "Register" tab above or click here.
September 22, 2006
WASHINGTON (AP) -- The Commerce Department has lost 1,137 laptop computers since 2001, most of them assigned to the Census Bureau, officials said Thursday night.
September 21, 2006
Review our updated faq.
September 20, 2006
Submitted by a KnujOn user
September 19, 2006
Alexei Voziianov is wanted for his alleged involvement in an Internet fraud scheme. In late February and early March of 2005, Voziianov allegedly offered items for sale on a major Internet auction web site. These items included gold coins, household appliances, fishing equipment, and other assorted merchandise. Voziianov used several different user names and instructed his victims to send their money to a number of different addresses in Brooklyn, New York. The checks that the victims sent to Voziianov were cashed, but the merchandise that they paid for was never shipped to them. Over fifty victims have lost more than $100,000 due to this fraud scheme. On March 30, 2005, a federal arrest warrant charging Voziianov with wire fraud was issued in the Southern District of New York.
Full Sheet (fbi.gov)
September 18, 2006
A Chronology of Data Breaches (privacyrights.org).
September 17, 2006
WASHINGTON – The Education Department was working to fix a software glitch in its student loan Web site after users complained that they could see other people's personal data.
September 16, 2006
Submitted by a KnujOn user
September 15, 2006
Spoof Email Tutorial (ebay.com)
September 14, 2006
Associated Press (ap.org)
September 13, 2006
RABAT, Morocco (Reuters) -- A Moroccan court on Tuesday jailed two men for one and two years for unleashing computer worms that disrupted networks across the United States, court officials and lawyers said.
September 12, 2006
For those interested in Mortgage junk mail, you may want to review Freddie Mac's
Don't Borrow Trouble program which is designed to
alert people to the danger of fly-by-night refinance companies. People have lost their homes because
of these scams.
September 11, 2006
Below is a quote from a typical on-line store website:
This is a shame and contradicts claims that filters alone can address the problem.
September 10, 2006
KnujOn has been pushing the idea for a long time that stock junk is more than an annoyance but a
true and serious fraud issue. Now two studies have been released detailing the effects on the
market and investor: Read more.
September 9, 2006
September 8, 2006
Yahoo Mail often claims to have the "some of the best spam protection around",
put the claim in signature areas of emails Yahoo members send.
But below are 3 examples of phishing that made it through Yahoo filters today:
September 7, 2006
As some KnujOn users noted the "first time" date was the same as the "last time" date on the weekly reports. This was due to a bug in the uploading script. The script has been corrected and the reports re-run.
September 6, 2006
September 5, 2006
So you've got a virus, spyware or some other kind of mouse-freezing nonsense on your
PC. Fifty pop-up windows launch and beeps issue from the system speaker. You have more options
than just ctrl-alt-del or pulling the plug. Even when your mouse wont respond they keyboard
often still works. Many of the seemingly archaic buttons like alt, ctrl and the
function keys are not just for decoration. By using combinations of these keys you can
interrupt the PC's operations and halt background processes.
September 1, 2006
August 31, 2006
We have received several of the following recently:
August 30, 2006
August 29, 2006
Credit Unions have certainly not been exempt from phishing attacks. The Federal Financial Institutions Examination Council (FFIEC) has
released new guidelines(below) and all credit unions are expected to be in compliance by the end of 2006.
August 28, 2006
MailWasher has provided a registry patch that will allow email to be forwarded to KnujOn. We know some of you have created your own registry hacks for this, but we did not want to go forward with it officially until we had spoken to them directly. More Information.
August 25, 2006
With some of the news about Tom Cruise and Scientology it may be useful to review some of the controversies
with Scientology and Internet privacy and free speech.
August 24, 2006
The relationship between a kid cereal and the culture of hacking:
Hacking and "Cap'n Crunch" (wikipedia.org)
August 23, 2006
August 22, 2006
August 18, 2006
Today we received rejected email(bounceback) that spoofed our contact address. This is one of the
most common tactics in the spam world. Spammers forge someone else's email address to send junk mail.
When it is rejected the rejection message is returned to the forged address and not the real sender.
When an organization like KnujOn is targeted with this tactic it is often not merely an attempt to
send forged junk mail but also to smear us. It is a common revenge tactic by spammers who have been
exposed or shutdown.
August 17, 2006
Recently you may have noticed an increase in IE Crashes. You receive this pop-up:
Microsoft patch can cause IE trouble news.com.com(CNET)
Microsoft To Fix Patch That Crashes IE informationweek.com
Microsoft patch can cause IE crashes usatoday.com
MS Support Article
MS Crash Report FAQ
CNET Discussion Thread
Manage Internet Explorer Error Reporting(instructions for disabling) IE 7
August 16, 2006
We know AOL is desparate for cash!
August 15, 2006
I guess you could call it "Spam for Television":
August 14, 2006
This is the second piece of obvious junk mail in a week that has gone undetected by various
commercial filters. The content is in a Microsoft Word document:
August 11, 2006
August 10, 2006
CastleCops has 2 discussion boards for KnujOn, but threads have been running in a few other places as well:
August 9, 2006
The group pops up on unwitting Web sites around the world in order to communicate, recruit and fundraise time.com
August 8, 2006
August 7, 2006
A junk email titled "Billing Update, Charges for Account" with the attached file: "invoice.doc" floated right past 2 commercial filters we've been testing. The email is blank and the attachment has all the spam. It references temnieprogi.com which is part of the extensive Paul Gregoire/Alex Rodriguez/Ad Latjes network of "cheap software download" junk mailers.
August 6, 2006
More forwarding and reporting options now available:
August 5, 2006
A KnujOn member has supplied instructions for automating Apple Mail with Apple Scripts to forward junk similar to Thunderbird:
August 4, 2006
As the death toll in Lebanon and Israel mounts, the conflict has spilled onto the internet with sudden fury as gangs of computer hackers mount a withering cyber attack on thousands of Israeli and Western websites. timesonline.co.uk
August 3, 2006
Incoming college students are hearing the usual warnings this summer about the dangers of everything from alcohol to credit card debt. But many are also getting lectured on a new topic -- the risks of Internet postings, particularly on popular social networking sites such as Facebook. cnn.com
August 1, 2006What is KnujOn?
The KnujOn project is a mutli-tiered response to email-borne Internet security threats. The core program is a progressive policy enforcement engine.What are the goals of KnujOn?
The overall goal is to reduce the threat posed to electronic communications and commerce. This may involve shutting down fraudulent websites, reducing the general volume of junk mail, tracking on-line fraud, assisting law enforcement or fraud investigators, and providing useful information to the public concerning fraud, viruses, and information theft.
For the individual this means a no-nonsense method of reporting junk mail that reduces their personal exposure to threats. It is clear from the frustration of email users that current strategies are not working.
Aside from the main goal, KnujOn also strives to address these issues without:
Part of our plan involves changing the current dialog by encouraging users to stop deleting junk email and start reporting it. And we have been contacting those who already agree and converting those who don’t.
KnujOn does not rely on a single method or technological solution, but is rather an array of evolving methods that take the larger problem into consideration.
Behind the junk mail there is a complex world of electronic fraud, software piracy, bogus products, smuggling, identity theft, privacy invasion, industrial espionage, and general misinformation. KnujOn uses junk mail as the starting point and then goes to the deeper levels.
July 25, 2006
SecondWheel has been gracious enough to provide a modified ThunderBird Extension for KnujOn reporting. Thunderbird is a mozilla email client. SecondWheel offers tips for using Thunderbird at his site and on CastleCops.
July 24, 2006
CastleCops is a great resource for anyone interested in cybercrime or computer security threats.
July 23, 2006
July 22, 2006This forged header is meant to look like it is sent by "firstname.lastname@example.org", an address at the Federal Trade Commission for reporting spam. The message also contains the Beagle virus. 184.108.40.206 is an address at the 3M corporation but it is highly unlikely that 3M is sending virus spam. However it is possible that there is an infected machine on their network. Yes, even giant companies are victims.
July 19, 2006
July 16, 2006
The last 2 months have been very exciting and busy for us. The increased attention and participation have pushed the limits of KnujOn. We’ve had a number of problems we have endeavored to address, some you may have been aware of some you have not.Email Submissions:
As many of you know there were problems with bounce-backs. This had been a minor problem since inception but it was only occasional and seemed to happen more with certain users so it was not a major setback. However, with increased participation the problem became unbearable and seemed to get worse. In response we have created a new reporting address that is bounce-back free.
The increased email submissions have also created a processing backlog that we are nearly through catching up on. To give you all a little status update, especially those who have been patiently waiting for their reports:
Old reporting address(yourjunk@KnujOn.com): Current, if you are a registered user.
KnujOn was arranged to handle dozens of clients, not hundreds. In the last few weeks we have updated and streamlined our internal process to handle the new volume. We have also simplified the sign-up and application procedure.
Some users have wondered at the single reporting address format, especially those who have many email addresses. We may be changing this in the near future.The Future:
KnujOn has every intention to expand and improve our service. We look forward to continuing to work with all of you.
June 22, 2006
The reports are coming early for a few reasons. One is that KnujOn is going on vacation until next Thursday. We also have several important announcements!
We have a new mail server and will be issuing a new forwarding address for it shortly. This will stop the rejects and bounce-backs when reporting.
CastleCops.com has created two forums for us, one for general access and a private one for KnujOn members. This forum is open to anyone: http://www.castlecops.com/f240-Knujon_General_Discussion.html The second forum requires that you register with castlecops: http://www.castlecops.com/ and be a member of KnujOn. CastleCops is a great resource and we recommend it to all of you.
We are also making a number of internal changes that will speed up processing. Stay tuned!
June 21, 2006
Hello to all the long-suffering KnujOn submitters! While they would never admit it I believe that our ISP has increased the restrictions on email forwarded to us rather than loosened them at our request. In addition, our formerly reliable alternative reporting address is also bouncing back messages. My guess is that they have watched the increase in blacklisted email being forwarded to these addresses and have turned up the blocking.
However, a dedicated KnujOn mail server will be ready within the next few days. The new reporting address will be sent directly to members. The current reporting addresses will still be valid! For those using FTP this will also continue to be available but may eventually be replaced with a custom interface.
Thanks for your patience in this issue!
June 20, 2006
June 19, 2006
CastleCops.com has been kind enough to host a KnujOn Forum. Please make use of it! CastleCops provide a priceless resource to the Internet community by aggressively addressing security issues and supplying useful information on the multitude of threats in the modern electronic world. Many of KnujOn's recent new members have come to us via CastleCops.
June 18, 2006Forwarding Emails/Rejects and Bounce-backs
This is obviously an issue that is very important to us. As stated previously the reason we do not host our own mail server is not because we don’t know how, it is because not hosting it has certain advantages(and disadvantages, obviously).
For those wonder why we have not done anything about this yet, it is because we are carefully considering various options and testing them before we make a decision. The decision is coming soon.
To answer a question: Knujon_us@yahoo.com is in fact a legitimate alternative reporting address.
To clarify or correct some statements made: Our ISP blocking is based on a list of blacklisted sites obtained from spamhaus. Emails with this links to these sites are rejected. KnujOn has several problems with this model.
Some may be wondering why they haven’t received their reports yet or why the reports have not changed since the previous week. There are several answers.
Because of increased membership we have had to completely overhaul our reporting system. We have streamlined and simplified the procedure on our end which will save us much time. Everyone with current reportable data will receive those reports today or Monday.
Some Knujon members report mostly stock junk or “Nigerian” scams. These do no produce data that appears in our reports. Does this mean we are not processing them or taking action? No, it just means that our report format does not currently allow these items to be listed. Will this be the case always? No, we will modify the reports to include this information eventually. Keep forwarding non-site specific junk mail to us.
We have received many new formats of from our newer users that we had not seen before and some formats were causing errors in the process that had to be addressed before we could proceed. This is a critical point of testing as it allows us to expand and improve the overall process!
Some junk email is not processed immediately for reports because they require special attention, but they are being processed. As stated we do not rely on a single method for addressing the junk mail problem and some samples fall into “interesting” categories that are held over.Applications
We are aware that many have applied an not received word yet. We are now looking at a one-week turn around for applications. This is mainly because we attempt to verify the applications before accepting them.Getting Information Out There(Issues, questions, Thunderbird/Mailwasher/BlueFrog)
We receive a number of questions about the methods used for reporting junk mail, namely the use for Thunderbird or a modified BlueFrog module. We are acutely aware that many of our participants have important technical expertise and tips to share with other users. CastleCops has been gracious enough to create dedicated forums for Knujon, one public one for registered members. We are looking forward to using this a place where concerned individuals can trade and discuss useful information.
We have relied on our site and our weekly reports to get information out, but CastleCops has proven to be vital location for addressing email security threats. Cooperation between Knujon and CastleCops will hopefully continue and grow.General Information about Knujon’s Process
Knujon is more a tortoise, rather than hare, approach to the problem. We are a plodding, long-term approach to the problem. We are constantly reviewing and revising our model. Like street crime, spam will never be completely eliminated. Email-borne security threats, however, can be managed and reduced. Right now, the problem is not being managed or addressed properly.
Thank you for your participation and especially thanks to CastleCops!
June 17, 2006
For those familiar with Thunderbird, Secondwheel has developed a version to be used with Knujon. You can find it here: http://secondwheel.googlepages.com/knujonthunderbirdextension.
June 5, 2006
Rest assured we are working very hard to address email forwarding issues.
For registered users we will be issuing additional information with the weekly reports tonight.
Non-Western Characters: This issue should be resolved, but may come up from time to time. If it does please send us the full error message.
Mailbox Full: The increased volume of submissions in the last two weeks has caused some occasional backups in processing. These should only be temporary when they come up, but we understand that this is inconvenient when you are in the middle of reporting so we have added additional reporting addresses to be released with the weekly reports.
Rejected Submissions: This has been a problem from the beginning of the project but it was rare and manageable. In the last two weeks it has become more and more of a problem. We are, however receiving thousands of submissions(hence the full mailbox) and we are looking at permanent solutions to the problem.
FTP Submissions: The FTP submission method will be available and instructions will be issued to registered users with the weekly report tonight.
Thanks for your support!
June 2, 2006"STOCKHOLM, Sweden (AP) -- The Web site of Sweden's national police was shut down after a hacker attack that investigators on Friday said could be a retaliation for a crackdown on a popular file-sharing site called The Pirate Bay. "
Hacker attack shuts down Swedish Web site cnn.com
June 1, 2006"BRUSSELS (Reuters) - Sending alerts on breaches of Internet security will be explored as part of wider steps to combat hackers and cybercrime, the European Commission said on Wednesday. "
Reuters via yahoo.com
May 30, 2006"Captchas -- the jumbles of letters that users must type to gain access to some Web sites -- are a growing irritation for Internet surfers. But programmers hope to make new variations that are both easier to decipher and harder to crack."
Knujon.com discussed this issue months ago.
wsj.com(may require registration)
May 27, 2006Have you ever seen one of these?
This is not a real system message it is junk message made to look like a system message. Sites associated with this kind of fake system message:
Don't go to any of these sites. You can stop the messages by disabling Windows Messenger Service(Control Panel, Admin Tools, Select "Services", find the "Messenger" service, right-click and Stop. Also set to manual or disabled rather than automatic or boot). This is not the same as Instant Messaging.
May 26, 2006In an effort to address questions from new users and applicants we have posted a statement that should address many of these questions.
May 25, 2006Company: Hackers can crack top antivirus program cnn.com
May 24, 2006Personal data on about 26.5 million U.S. military veterans was stolen from the residence of a Department of Veterans Affairs data analyst... cnn.com
May 23, 2006Some users had reported problems forwarding junk with non-western character sets(Russian, Chines, etc). This issues has been addressed. If you continue to receive rejections because of this please send the rejection message to contact@KnujOn.com.
May 21, 2006First of all, welcome! We appreciate your interest and participation. The increased activity has caused a few minor problems for us that we will endeavor to resolve.
New Applications: The turn around time for new applications may be longer than usual because the number has increased significantly. If you have not heard back from us yet you will in the next few days.
Reporting Mailbox Full: The volume of mail we usually receive has increased 500% in the last 2 days. We have added more space to compensate.
Rejected submissions: There are multiple reasons why mail may be rejected and some are beyond our control, but be assured we are working on the problem.
Check back here for updates!
May 19, 2006Blue Security(site may not be up) an anti-spam company that had some real success has voluntarily closed its operations after a cyber attack by spammers. Blue Security's Blue Frog software was somewhat controversial but effective. The fact that such a large attack was conducted against Blue Security shows how much money is at stake on the other end.
Read article: wired.com
May 18, 2006Recently some concerns about KnujOn have shown up in blogs and discussion threads and we would like to address them. Hopefully the comments below will be helpful, if not please contact us: contact@KnujOn.com
Is KnujOn going to charge for personal use after the beta testing?
At the moment we have no plans to charge our personal clients.
Is KnujOn just a scam to harvest email addresses?
Some spammers pretend to be anti-spam companies
True, but KnujOn is not one of them. KnujOn is often presented at law enforcement conferences and security seminars.
May 12, 2006Bellow is an email received today using references to USAID, an American agency that provides assistance throughout the world. Really from a Romanian ISP, reactiv.ro: 220.127.116.11.
May 8, 2006Protect yourself from the ZQuest Trojan adware/spyware. More information.
May 1, 2006The Shutdown Count nears 3000 and should reach it this month.
April 25, 2006We have seen obfuscated urls in the past, phishers and spammers that replace characters in a domain address with their hexadecimal equivalents. Example: %2E%63%6F%6D is ".com". However, today KnujOn received a PayPal scam with this link:
0xd8daf761 is a hexadecimal conversion of the ip address: 18.104.22.168 which is nfb.hippo.ws a free member bulletin board in French(Oddly enough .ws is the TLD for Western Samoa). hippo.ws is a jumble of postings and one of the first is "the internet is shit" which is poignant given the situation here.
At any rate, be on the look out 0xd8daf761 style urls, KnujOn is set to catch them!
April 24, 2006So far 33.5% of the sites tracked by KnujOn have been shutdown, the rest will go in time. They have been shutdown because our users send their junk mail to yourjunk@KnujOn.com.
April 19, 2006Spyware
April 15, 2006news.aol.com
April 14, 2006Scores of fake sites tempt Web users with schemes posing as IRS cnn.com
April 13, 2006Theft charges in sextuplets hoax cnn.com
April 6, 2006Sign-up: here
April 5, 2006A must read: The Torn-Up Credit Card Application. This man proves why simply ripping up a mailed credit card application will not protect your identity from possible theft and credit card fraud.
Some advice on these: take the pre-paid envelope and mail the unused application back rather than throwing it away. If you are shredding documents, shred them at an angle to make it hard to piece back together.
April 4, 2006KnujOn will be adding an alert system soon for banks and on-line companies. Please contact us for more information: contact@KnujOn.com
April 3, 2006Spyware-Powered Click Fraud Traced to Yahoo eweek.com
Spammers take aim at HR departments zdnet.com
Verizon tentatively settles e-mail suit usatoday.com
Neighborhood watch for phishing zdnet.com
Phishers stick the boot into World Cup fans vnunet.com
Web sites that exploit a recent Internet Explorer flaw zdnet.com
Web sites that exploit a recent Internet Explorer flaw theregister.co.uk
Web sites that exploit a recent Internet Explorer flaw eweek.com
Spyware company denies software is malicious techworld.com
Spyware company denies software is malicious securityfocus.com
Why phishing works securityfocus.com
Phishers set hidden traps on eBay zdnet.com
Fighting fraud by baiting phishers zdnet.com
Why phishing reels punters in theregister.co.uk
Anti-Phishing Tips You Should Not Follow it-observer.com
Fake E-Mail Topples Japan's Opposition Party news.aol.com
April 2, 2006
Really links to: caseid4433.com
More Chase Fraud
March 25, 2006Marlborough Firm Pushes Payment System To Cut Spam
This company is proposing a per-email fee to combat spam. Not only is this unnecessary and excessive, but it wont work. Snail-Junk mailers spend lots of money filling mailboxes with thick envelopes and catalogs. Besides, spammers are not above hacking to send email. I doubt this is a serious proposal for ending junk mail, but rather an attempt to make money off of email. This proposal works against some of the basic principles of the Internet, namely that everyone can get on cheaply and then spend money while logged on. Increasing the bottom line cost of using the Internet will lower usage and cut down on on-line profits. Since plenty of companies will offer "free" email service to compete with the fee-based email a mandated fee would amount to a tax that would have to come from the U.S. Federal government. How would this be regulated in foreign countries? This proposal would be a disaster. As this site believes the best way to address the issue is through policy enforcement, information and tracking.
March 24, 2006The point of revenge or smear spamming is to make it appear that one site is sending junk mail when they are really not in order to ruin that site's reputation and get them on blacklists. The following are some recent examples:
All of the URLs in these messages are domain registration services. The reason, they probably suspended the spammer's sites and this their revenge.
March 23, 2006Fund company sends out security alerts to 196,000
March 22, 2006Don't blindly sign on the dotted line
March 17, 2006Have noticed an additional toolbar on your Browser called MIRAR? If so you have a spyware virus on your PC. read more. The "uninstall" link for MIRAR actually links to their website and phony form that requests personal information that has nothing to with uninstalling the program. Never fill forms like this out.
The purpose here is to a) deter people from uninstalling the spyware or b) gather more personal information. Read more.
March 16, 2006Internet kiddie-porn ring stopped
March 1, 2006What you can do about stock junk
February 28, 2006What is the Pushdown Network?
February 22, 2006Why Content Blocking Does Not Work
February 20, 2006mysecretfolders.net has a posted anti-spam policy:
But is mysecretfolders.net using spam to sell their product? Several of our clients have received emails like this:
with forged headers. The emails link to hldden.com which forwards to mysecretfolders.net. Both mysecretfolders.net and hldden.com are run by przc.com a notorious spam organization.
February 15, 2006Continuing sad saga of Neil Entwistle...
bostonherald.com: Spam site boasted of ‘the magic bullet’
bostonherald.com: On the scene: Live updates from the Entwistle arraignment
bostonherald.com: Internet sex dealings date back years for Neil
February 4, 2006scanandrepair.com and web-update.org are using fake spyware scan pop-ups instead of porn.
Do not click on the download button if you have this pop-up. Use a real spyware scan to get rid of it: HijackThis.
February 3, 2006bostonherald.com: Fraud follows Globe goof: 3 say others used their credit cards . In short invoices with lists of 200 thousand customer credit card numbers and expiration dates were recycled and turned into batch tickets placed on top of delivered newspaper stacks. Some of these numbers have already been used fraudulently. Proof that personal data is never completely safe if more than one person has it.
February 2, 2006CNN.com: Kama Sutra worm hits home
January 30, 2006eBay phishing saga by Richi Jenings who also runs fixingemail.org.
January 27, 2006Apparently web-update.org is no longer claiming to be an anti-spyware site but is now pushing porn.
Removal, more information
January 26, 2006http://www.KnujOn.com/phishing.html
January 25, 2006First noted on Jan 22, this type of fake spyware scan can be very dangerous. Their pop-up window has changed:
They are listed as "Rogue/Suspect Anti-Spyware Products & Web Sites" by spywarewarrior.com. Read more.
More on Spyware.
January 23, 2006msn-cnet.com: Anti-spyware guidelines get final version
January 22, 2006You may have had a pop-up window like the one below:
Do not click on the links in this window. These advertised scans are often launched by viruses or spyware that have already infected your PC. Downloading the software will "fix" the virus problem and in turn expose you to more spyware and viruses. Some companies have infected PCs with spyware and then billed users to have them removed. The above pop-up links to web-update.org and scanandrepair.com. They are listed as "Rogue/Suspect Anti-Spyware Products & Web Sites" by spywarewarrior.com. Read more.
More on Spyware.
January 21, 2006There are now over 2000 pending site suspensions just from the beta testing.
January 20, 2006From CNN.com.
News from 2005 has been archived.