Citadel Botnet Operator Gets 4.5 Years In Prison 42

An anonymous reader writes: The U.S. Department of Justice has announced that Dimitry Belorossov, a.k.a. Rainerfox, an operator of the "Citadel" malware, has been sentenced to 4.5 years in prison following a guilty plea. Citadel was a banking trojan capable of stealing financial information. Belorossov and others distributed it through spam emails and malvertising schemes. He operated a 7,000-strong botnet with the malware, and also collaborated to improve it. The U.S. government estimates Citadel was responsible for $500 million in losses worldwide. Belorossov will have to pay over $320,000 in restitution.

Hackers' Latest Targets: Google's Webmaster Tools 19

jfruh writes: The latest attack vector hackers are taking advantage of: Google's Webmaster tools, which allow domain owners to index new pages for searching and react quickly to Google-detected malware. It's that last capability that hackers are after, tweaking things to keep infected sites under their control longer. From the ITWorld story: "According to the Sucuri researchers, by becoming verified owners for compromised websites, attackers can track how well their BHSEO campaigns perform in Google Search. They can also submit new spam pages to be indexed faster instead of waiting for them to be discovered naturally by Google's search robots, they can receive alerts if Google flags the websites as compromised, and, most importantly, they can remove legitimate owners of the site from the Search Console."
United States

US-Appointed Egg Lobby Paid Food Blogs and Targeted Chef To Crush Vegan Startup 317

An anonymous reader writes: The American Egg Board targeted publications, popular food bloggers, and a celebrity chef as part of an effort to combat a perceived threat from Hampton Creek, an egg-replacement startup backed by some of Silicon Valley's biggest names, according to internal emails. The Gaurdian reports: A detailed review of emails, sent from inside the AEB and obtained by the Guardian, shows that the lobbyist's anti-Hampton Creek campaign sought to:
  • Pay food bloggers as much as $2,500 a post to write online recipes and stories about the virtue of eggs that repeated the egg lobby group's "key messages."
  • Confront Andrew Zimmern, who had featured Hampton Creek on his popular Travel Channel show Bizarre Foods and praised the company in a blog post characterized by top egg board executives as a "love letter."
  • Target publications including Forbes and Buzzfeed that had written broadly positive articles about a Silicon Valley darling.
  • Unsuccessfully tried to recruit both the animal rights and autism activist Temple Grandin and the bestselling author and blogger Ree Drummond to publicly support the egg industry.
  • Buy Google advertisements to show AEB-sponsored content when people searched for Hampton Creek or its founder Josh Tetrick.

Ask Slashdot: Should I Publish My Collection of Email Spamming IP Addresses? 106

An anonymous reader writes: I have, for a while now, been collecting IP addresses from which email spam has been sent to, or attempted to be relayed through, my email server. I was wondering if I should publish them, so that others can adopt whatever steps are necessary to protect their email servers from that vermin. However, I am facing ethical issues here. What if the addresses are simply spoofed, and therefore branding them as spamming addresses might cause harm to innocent parties? What if, after having been co-opted by spammers, they are now used legitimately? I wonder if there's a market for all the thousands of webmail addresses that send Slashdot nothing but spam.

Gmail Spam Filter Changes Bite Linus Torvalds 136

An anonymous reader points out The Register's story that recent changes to the spam filters that Google uses to pare down junk in gmail evidently are a bit overzealous. Linus Torvalds, who famously likes to manage by email, and whose email flow includes a lot of mailing lists, isn't happy with it. Ironically perhaps, it was only last week that the Gmail team blogged that its spam filter's rate of false positives is down to less than 0.05 per cent. In his post, Torvalds said his own experience belies that claim, and that around 30 per cent of the mail in his spam box turned out not to be spam. "It's actually at the point where I'm noticing missing messages in the email conversations I see, because Gmail has been marking emails in the middle of the conversation as spam. Things that people replied to and that contained patches and problem descriptions," Torvalds wrote.

A Welcome Shift: Spam Now Constitutes Less Than Half of All Email 114

An anonymous reader writes: According to Symantec's latest Intelligence Report, spam has fallen to less than 50% of all email in June – a number we haven't seen in over a decade. Of all emails received by Symantec clients in June, junk emails only accounts for 49.7% down from 52.1% in April which shows a huge drop. Year over year, spam has decreased as well due to internet providers doing a better job at filtering and shutting down spam bots.

Google To Reopen Maps To User Edits, With an Anti-Abuse Plan 28

jfruh writes: When Google opened up its Maps to user edits, a lot of useful information got added — along with plenty of spam and outright abuse, some of it obscene, which led to the program being shut down. Now the company is planning to reopen things to user input, recruiting local mappers that they're calling "regional leads" to filter out problematic content.

OCZ Toshiba Breaks 40 Cent Per GB Barrier With New Trion 100 Series SSD 144

MojoKid writes: OCZ is launching a brand new series of solid state drives today, dubbed the Trion 100. Not only are they the first drives from the company to use TLC NAND, but they're also the first to use all in-house Toshiba technology with the drive's Flash memory and controller both designed and built by Toshiba. That controller is paired to A19nm Toshiba TLC NAND Flash memory and a Nanya DDR3 DRAM cache. Details are scarce on the Toshiba TC58 controller but it does support Toshiba's QSBC (Quadruple Swing-By Correction — a Toshiba proprietary error correction technology) and the drives have a bit of SLC cache to boost write performance in bursts and increase endurance. The OCZ Trion 100 series is targeted at budget conscious consumers and users still contemplating the upgrade from a standard hard drive. As such, they're not barn-burners in the benchmarking department, but performance is still good overall and a huge upgrade over any HDD. Pricing is going to be very competitive as well, at under .40 per GiB for capacities of 240GB, 480GB and 960GB and .50 per GiB for the smallest 120GB drive.

Google Launches Gmail Postmaster Tools To Eliminate Spam 55

Mark Wilson writes: Spam is a problem that is not going away for anyone who receives email — and who doesn't? Over the years Google has taken steps to try to reduce the amount of junk that reaches Gmail inboxes and today the company is taking things a step further with Gmail Postmaster Tools and enhanced filter training for Gmail. Part of the problem with spam — aside from the sheer volume of it — is that the detection of it is something of an art rather than a science. It is all too easy for legitimate email to get consigned to the junk folder, and this is what Gmail Postmaster Tools aims to help with. Rather than helping recipients banish spam, it helps senders ensure that their messages are delivered to inboxes rather than filtered out.
The Courts

Time Warner Cable Owes $229,500 To Woman It Would Not Stop Calling 215 writes: Reuters reports that a Manhattan federal judge has ruled Time Warner Cable must pay Araceli King $229,500 for placing 153 automated calls meant for someone else to her cellphone in less than a year, even after she told them to stop. King accused Time Warner Cable of harassing her by leaving messages for Luiz Perez, who once held her cellphone number, even after she made clear who she was in a seven-minute discussion with a company representative. Time Warner Cable countered that it was not liable to King under the federal Telephone Consumer Protection Act, a law meant to curb robocall and telemarketing abuses, because it believed it was calling Perez, who had consented to the calls. In awarding triple damages of $1,500 per call for willfully violating that law, U.S. District Judge Alvin Hellerstein said "a responsible business" would have tried harder to find Perez and address the problem. While Time Warner argued that they were unaware King ever asked to be on the company's "do not call list," Hellerstein determined, "there is no doubt King made this revocation." He wrote that the company "could not be bothered" to update King's information, even after she filed suit against TWC in March of 2014. The judge said 74 of the calls had been placed after King sued and that it was "incredible" to believe Time Warner Cable when it said it still did not know she objected. "Companies are using computers to dial phone numbers," says King's lawyer Sergei Lemberg. "They benefit from efficiency, but there is a cost when they make people's lives miserable. This was one such case."
The Almighty Buck

Video Leased LEDs and Energy Service Contracts can Cut Electric Bills (Video) 53

I first heard of Consumer Energy Solutions from a non-profit's IT guy who was boasting about how he got them to lease him LED bulbs for their parking lot and the security lights at their equipment lot -- pretty much all their outdoor lighting -- for a lot less than their monthly savings on electricity from replacing most of their Halogen, fluorescent, and other less-efficient lights with LEDs. What made this a big deal to my friend was that no front money was required. It's one thing to tell a town council or non-profit board, "If we spend $180,000 on LEDs we'll save it all back in five years" (or whatever). It's another thing to say, "We can lease LEDs for all our outdoor lighting for $4,000 per month and save $8,000 on electricity right away." That gets officials to prick up their ears in a hurry.Then there are energy service contracts, essentially buying electricity one, two or three years in advance. This business got a bad name from Enron and their energy wholesaling business, but despite that single big blast of negative publicity, it grows a little each year. And the LED lease business? In many areas, governments and utility companies actually subsidize purchases of anything that cuts electricity use. Totally worth checking out.

But why, you might ask, is this on Slashdot? Because some of our readers own stacks of servers (or work for companies that own stacks of servers) and need to know they don't have to pay whatever their local electric utility demands, but can shop for better electricity prices in today's deregulated electricity market. And while this conversation was with one person in this business, we are not pushing his company. As interviewee Patrick Clouden says at the end of the interview, it's a competitive business. So if you want the best deal, you'd better shop around. One more thing: the deregulated utility market, with its multitude of suppliers, peak and off-peak pricing, and (often) minute-by-minute price changes, takes excellent software (possibly written by someone like you) to negotiate, so this business niche might be one an entrepreneurial software developer should explore.

Avira Wins Case Upholding Its Right To Block Adware 64

Mark Wilson writes: Security firm Avira has won a court case that can not only be chalked up as a win for consumer rights, but could also set something of a precedent. Germany company took Avira to court for warning users about "potentially unwanted applications" that could be bundled along with a number of popular games and applications. downloads included a number of unwanted extras in the form of browser toolbars, free trial applications, adware, and other crapware. Avira's antivirus software warned users installing such applications; Freemium took objection to this and filed a cease and desist letter, claiming anti-competitive practices. But the court ruled in Avira's favor, saying it could continue to flag up and block questionable software.

Emergency Adobe Flash Patch Fixes Zero-Day Under Attack 71

msm1267 writes: Adobe has released an emergency patch for a Flash zero-day used in targeted attacks by APT3, the same group behind 2014's Clandestine Fox attacks. Adobe said Flash Player and earlier for Windows and Macintosh systems are affected, as is for Linux 11.x versions.

The current iteration of Clandestine Fox attacks shares many traits with last year's attacks, including generic, almost spam-like phishing emails intent on snaring as many victims as possible that can be analyzed for their value before additional attacks are carried out. The two campaigns also share the same custom backdoor called SHOTPUT, as well as an insistence on using a throwaway command and control infrastructure.

Ask Slashdot: How Effective Is Your ISP's Spam Filter? 269

An anonymous reader writes with the question in the title: does your ISP do a decent job culling spam? The reason I'm asking is that my ISP is Verizon and the Verizon spam filter is next to useless. It only blocks 15% of spam while also blocking 5% of legitimate emails. I've tried calling Verizon support a couple of times and the experience is about as pleasant and productive as banging my head on a wall. At this point I think my best move is to change ISP, but before I go around changing my email address at probably dozens of web sites I'd like to be sure that a new ISP would actually be better.

86.2 Million Phone Scam Calls Delivered Each Month In the US 193

An anonymous reader writes with a report from Help Net Security which assigns some numbers to the lucrative fraud-by-phone business in the U.S. -- and it's not just the most naive who are vulnerable. "Phone fraud continues to threaten enterprises across industries and borders, with the leading financial institutions' call centers exposed to more than $9 million to potential fraud each year," says the article. "Pindrop analyzed several million calls for threats, and found a 30 percent rise in enterprise attacks and more than 86.2 million attacks per month on U.S. consumers. Credit card issuers receive the highest rate of fraud attempts, with one in every 900 calls being fraudulent."

What's been your experience with fraudulent robocalls? I've been getting them on a near-daily basis -- fake credit card alerts, "computer support" malware-install attempts, and more -- for a few years now, which makes whitelisting seem attractive. ("Bridget from account services" has been robo-calling a lot lately, and each time she says it is my final notice.) My biggest worry is that the people behind these scams, like spammers, will hire copywriters who can fool many more people.

Anti-TPP Website Being Blacklisted 180

so.dan writes: The CTO of Fight for the Future — the non-profit activism group behind Battle for the Net, Blackout Congress, and Stop Fast Track — Jeff Lyon, is seeking advice regarding a problem with facing the website they created — — to fight the secret Trans Pacific Partnership trade deal.

The site been blacklisted by Twitter, Facebook, and major email providers as malicious/spam. Over the last week, nobody has been able to post the website on social networks, or send any emails with their URL. Lyon has posted a summary of the relevant details on Reddit in the hope of obtaining useful feedback regarding what the cause might be. However, none of the answers there right now seem particularly useful, so I'm hoping the Slashdot community can help him out by posting here.

Lyon indicates that the blackout has occurred at a particularly crucial point in the campaign to kill the TPP, as most members of the House of Representatives would likely vote against it were it brought to a vote now, and as pro-TPP interests have started to escalate their lobbying efforts on the House to counteract what would otherwise be a no vote.

Attackers Use Email Spam To Infect Point-of-Sale Terminals 85

jfruh writes: Point-of-sale software has meant that in many cases where once you'd have seen a cash register, you now see a general-purpose PC running point-of-sale (PoS) software. Unfortunately, those PCs have all the usual vulnerabilities, and when you run software on it that processes credit card payments, they become a tempting target for hackers. One of the latest attacks on PoS software comes in the form of malicious Word macros downloaded from spam emails.

Adult Dating Site Hack Reveals Users' Sexual Preference, Extramarital Affairs 173

An anonymous reader notes this report from Channel 4 News that Adult FriendFinder, one of the largest dating sites in the world, has suffered a database breach that revealed personal information for 3.9 million of its users. The leaked data includes email addresses, IP addresses, birth dates, postal codes, sexual preferences, and information indicating which of them are seeking extramarital affairs. There even seems to be data from accounts that were supposedly deleted. Channel 4 saw evidence that there were plans for a spam campaign against these users, and others are worried that a blackmail campaign will follow. "Where you've got names, dates of birth, ZIP codes, then that provides an opportunity to actually target specific individuals whether they be in government or healthcare for example, so you can profile that person and send more targeted blackmail-type emails," said cybercrime specialist Charlie McMurdy.

Top Publishers To Post News Stories Directly To Facebook Timelines 50

An anonymous reader writes: The BBC, BuzzFeed, NBC, The New York Times and National Geographic are among some of the publishers which will post news items directly to a Facebook user's timeline thanks to a new feature called Instant Articles. Chris Cox, Facebook’s chief product officer, says the program will allow publishers to “deliver fast, interactive articles while maintaining control of their content and business models.” Under the terms of the plan, publishers can sell and embed ads in the articles and keep the revenue, or allow Facebook to sell ads. Publishers will also be allowed to track data and traffic with their own analytics tools.