Archive for the 'Scams' Category

Spam in my Calendar?

Have you had any odd meetings in your Outlook or Google calendars lately? I’ve been monitoring an interesting spamming technique over the past few weeks where spammers send automatically accepted meeting requests (if you allow that) to your calendar.

The spam is originating from Gmail accounts, but the Google and Outlook calendar functions are compatible, so the meeting request goes straight into your calendar and you probably won’t notice it until you get a reminder at the spammer’s chosen time.

All the samples I’ve seen so far are Nigerian Scams, which is interesting in itself, as the Nigerian scammers have traditionally been less advanced in terms of coming up with new tricks.

This tactic adds a further nuisance factor for the recipients of this spam, as it sets your time as “Busy”. Sure, you can turn off automatic acceptance of meeting requests via the Calendar options in Outlook and in Google Calendar, but that feature is provided for a reason, so why should the spammers stop us using it? This spam campaign has been low volume and targeted, as is the nature of the Nigerian Scam email, but there’s been a lot of talk in the last few months about Gmail’s CAPTCHA being broken, so it wouldn’t surprise me if the botnet spammers pick it up pretty soon!

Beware of Forgeries

A recent report by the OECD (Organisation for Economic Co-operation and Development) indicated that counterfeit and pirated goods in 2005 could have had a value of up to 200 billion U.S. dollars.

One path to fake goods is via spam, which frequently offers counterfeit medicines and replica watches. A recent post from the French CERT-LEXSI blog caught my attention regarding fake luxury mobile phones selling for absolutely unbeatable prices.

These phones are normally manufactured by Vertu, a British subsidiary of Nokia, and are sold in luxury shops in Monte Carlo, Cannes, or Beverly Hills. On their official top-quality site (www.vertu.com), prices are not mentioned, but by visiting some authorised retailer Web sites I found exorbitant figures. Some mobiles, bedecked in gold and diamonds, exceed $90,000. Really too expensive for me!

Using Google, it’s really easy to find fake sites offering these counterfeit marvels. In fact it is easier to find the fake sites than the authorized ones!

And the prices–assuming you need one of these–are attractive: less than $1,000 for a copy of an original that sells for $97,300.

Regular spam campaigns promote such Vertu “replica” sites. Be vigilant, however, because appearances can be deceiving. Sites are numerous and their common feature is their high-quality, professional look–with black backgrounds that imitate the official site.

These sites are hosted at various providers in various countries (USA, Germany, and Hong Kong). Some of them seem clean; others are known for bulletproof hosting services and their relationship with the Russian Business Network, an alleged cybercrime organization. The registrars are also diverse (Estonia, Russia, and Korea) but more questionable. It is surprising that these do not require any name verification before accepting registrations. But once you know that a lot of spam and malware-related Web sites come from them, their permissiveness is easier to understand. Registrant addresses and e-mails give us an inkling regarding the nationality of their owners: China and Russia.

For the potential buyer, the key issue concerns the risk. The Swiss Watch Industry clearly points out that the buyer is the first victim, because purchasing counterfeits is:

  • Agreeing that piracy is OK; the counterfeiter seeks to appropriate somebody else’s hard work and investment.
  • Supporting and financing organized crime; links between counterfeiting activities and criminal networks have been established in many cases.
  • Accepting underground and child labor.
  • Endangering your own health and safety; the risk is real with medicines, aircraft and auto spare parts, medical supplies, and cosmetics.
  • Reducing employment and stifling growth; this form of criminality contributes to the reduction of employment, which is estimated to cost more than 200,000 jobs worldwide per year.
  • Being liable to criminal sanctions; the buyer may face criminal and financial sanctions. The mere possession of counterfeits is illegal in many countries. Furthermore, penalties could be claimed by legitimate intellectual property rights’ owners. Customs also can seize and destroy illegal items and assess fines.

And if these considerations don’t stop you, remember you run the risk of not receiving the goods you pay for; instead you might have your banking details stolen and reused in future malevolent activities. None of the sites I visited yesterday offered a secure Internet payment system; one of them housed a hidden Iframe linked to a known password-stealing Trojan.

“You won’t know who to trust”

Commonly in conversation with family or friends I am asked questions that begin with statements such as “Well, I had this computer virus…” Further into these conversations after asking some additional questions of my own, I become more convinced that the person believes they had a virus. From the descriptions provided I am often inclined to suspect classes of malware and potentially unwanted programs that are commonly referred to as FakeAlerts and rogue security software are responsible.

I have come across many of these types of programs disguised as anti-virus or anti-spyware products that generate false warnings of malware that is supposedly present on the system.

Fake alerts are typically trojans that generate false warnings of spyware on the computer. These alerts are most often displayed as a balloon pop-up from the systray. The fake alerts will typically encourage the user to download or install a rogue security software product by “detecting” bogus infections on the system and frightening the user into buying the rogue software in order to clean the fictitious malware that was discovered.

I am continually surprised at the prevalence of these types of applications and how many computer users install and use them, so I thought it might be useful to post some tips that may help with identifying traits that are commonly associated with these types of scams.

Use Responsible browsing practices:
Trojans typically spread manually, often under the premise that they are beneficial or wanted. To do this, techniques similar to those used in product marketing are often involved. Responsible browsing practices can include identifying when propaganda is used to persuade one into believing something, doing something, or buying something. This is not solely indicative of something malicious in nature; however, being able to tell when these methods are utilized can sometimes help one to know when to ask more questions about the motivation or intentions for the use of the tactic.

Do some quick research:
If something does flag one’s attention, it may be worth the effort to do some quick investigation. Use a well-known search engine and enter search terms such as the name of the product you are being asked to purchase, the title of the dialog being displayed, the name of the malware that is being detected, etc. Try to avoid pages that are sponsored by the target of your investigation. Look for third-party opinions or reviews. This may help provide some additional counterpoints that may help with an objective analysis of the software in question.

Are there any secondary indications of an infection?
Look for the presence of the files being identified by the software as malicious. Often these files will not exist on the system at all. Sometimes, however, these types of programs will write the fake files to the system so that they can later detect them as malicious.

Check the time and date stamps on the files. Are they similar to that of the time the program was installed or ran a scan?

Submit the file to an online scanning service such as VirusTotal and see if established anti-virus programs detect them.
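The three checks above can be scripted. The following is an added example, not code from the original post: it takes the paths a suspect scanner reported and the time that scanner was installed, then reports whether each file exists, whether its timestamp falls close to the install time, and its SHA-256 so the hash can be searched on VirusTotal. The file names, the 10-minute window and the use of modification time are assumptions made for illustration.

```python
import hashlib
import os
import tempfile
import time


def sha256_of(path):
    """Hash in chunks so large files are not loaded into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def triage_reported_files(paths, install_time, window_seconds=600):
    """Classify files a scanner reported, relative to the scanner's install/scan time."""
    results = {}
    for path in paths:
        if not os.path.isfile(path):
            # The reported "infection" has no file behind it at all.
            results[path] = {"status": "absent", "sha256": None}
            continue
        # Modification time is used because it is available on every platform.
        delta = abs(os.stat(path).st_mtime - install_time)
        status = "written_near_install" if delta <= window_seconds else "predates_install"
        results[path] = {"status": status, "sha256": sha256_of(path)}
    return results


def demo():
    """Constructed sample: one planted file, one old file, one path that does not exist."""
    install_time = time.time() - 3600  # assumed: product was installed an hour ago
    with tempfile.TemporaryDirectory() as d:
        planted = os.path.join(d, "reported_a.dll")
        old = os.path.join(d, "reported_b.dll")
        missing = os.path.join(d, "reported_c.dll")
        for p in (planted, old):
            with open(p, "wb") as fh:
                fh.write(b"constructed sample bytes")
        os.utime(planted, (install_time + 30, install_time + 30))
        os.utime(old, (install_time - 90 * 86400,) * 2)
        report = triage_reported_files([planted, old, missing], install_time)
        return {os.path.basename(p): r for p, r in report.items()}


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result["status"], result["sha256"])
```

A result of "absent" or "written_near_install" matches the fake-alert behaviour described above; "predates_install" files are the ones worth checking by hash against established anti-virus engines.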

These are just a few simple examples from the quick and easy do-it-yourself malware research guide!! ;)

S.P.A.M. Experiment Update

Meeting the German participants of the McAfee SPAM Experiment for dinner yesterday turned out to be very interesting and provided some unexpected results. After 14 days living on a Spam-mail diet they are still in good shape. Some are so into it that they even installed SiteAdvisor to find out, in advance, if a site is likely to send you spam when you leave your email address there…

Getting in trouble with the girlfriend for browsing dating web sites while leaving his email address for possible use by spammers was one of the less expected (and desired) results.

And then this: Collecting spam through surfing porn sites really does not work! All who tried told me they didn’t receive much spam when leaving their email on such sites. That really was a surprise for me. I would have expected a lot of spam, as there seems to be a fairly obvious link between porn and certain drugs and enhancement pills…

Constantly living in a world full of (empty) promises seems to have some effect as well: “It’s nice sitting here with you, but soon I’ll be hanging out with Tom Cruise and Jessica Alba and I will even get money for it” - it’s amazing what some shady people promise you, just to get your email address and other personal data.

There was some amazement when two participants figured out they had received nearly identical advance-fee scams: One in English, the other one in the Polish language.

Well, I’m sure all participants will have a lot of interesting experiences and stories to share at the end of the experiment and I sincerely hope they manage to stop clicking on all those ‘you are the 100,000,000,000 visitor of this webpage’-banners ;)

Oh, and a last note: If there is one movie you should watch this year, make sure it’s Futurama: Bender’s Big Score, where spam and phishing are key elements in the story!!