Should I feel left out? I didn’t receive an apology letter from my bank, broker or grocery store this week. In case you are wondering what they should be apologizing about – besides the weak dollar or the price of tomatoes — the online marketer Epsilon was breached this week

For the 3rd day running we are seeing vast quantities of email-attached malware. Today the spoofed sender was DHL with subjects like “DHL Express Service”. The emails included standard test such as:  Dear customer. The parcel was sent your home address. And it will arrive within 3 business day. More

Virus distributors have steadily decreased their usage of email as a means of malware distribution. The more popular methods nowadays include the use of drive-by downloads as well as “voluntary” downloads of “shockwave updaters” and “movie codec files”. But the last day or so has seen very high levels of

It’s so hard to find good help these days. Even in the world of spam you just have to do everything yourself or else take a risk that some inattentive subordinate is going to mess up. Like this Apple iPad 2 marketing scam campaign which should have the recipient name

T-Online.de provides free hosting for any website… …Like this redirect to a very convincing Fake Antivirus page 

Numerous reports have been circulating about the sudden demise of the Rustock botnet. The question is whether this has had an effect on global spam levels.  Some observations: There are clear “humps” on Saturday, Monday and Tuesday – but less activity on Friday, Sunday and today. These patterns and levels

I have always been amused at people talking about the death of the antivirus industry. It has supposedly been dying for decades and it is still around and growing. What amuses me even more is how people can sound so knowledgeable about how antivirus works and why it is doomed

Commtouch Labs has detected large volumes of phony “unread twitter message” emails. All links route via intermediate sites to the same pharmacy site. Most of the links are being flagged in browsers as malware or (incorrectly) phishing. Our advice – mouse over any email links if you aren’t sure about

Spammers are an enterprising lot – registering domains that will be useful if there is ever a natural disaster such an earthquake or tsunami. Consider the domain “oceanictsunamialerts.info” registered on the 13th of December 2010.  Following the Japanese earthquake and tsunami on Friday, the domain is now being used in

Consider for a moment the stages involved in a traditional phishing attack:  Create the phishing page – either buried within a legitimate site or hosted on some temporary server Send out carefully socially engineered phishing emails requiring login for some reason – including the link to the phishing page Collect