Is WP-Blackcheck effective?
That was the basic question of the research I did over the last few days, grepping through the logs to find some info and get an impression of the blacklist’s effect. Now I know it isn’t in vain. If we say we have 10000 requests, we would get about:
- 9000 Spam Comments
- 1000 Ham Comments
- 100 Reports
Tags: blog, spam, wp-blackcheck
Posted in: Malware | No Comments »
Malware is expensive
Everybody who is about to disagree with my headline might say that malware is free, as it just stops by on your computer if it has some security holes due to missing patches or bad configuration. I do not disagree with that, as there were no costs for the programmer and no licensing fees – a perfect example of freeware. But on the other hand, the damage done by the malware itself is what makes it expensive.
Posted in: Malware | 10 Comments »
Spam or Virus?
Today I had one of those typical malware spam mails in my mailbox, showing that Microsoft Outlook is one of the most widely used mail programs and is being attacked all the time:
Microsoft Outlook Notification for the xxxx@xxxx.xx
Support [xxxx@xxxx.xx]
Sent :Thu 15/10/2009 06:38
To xxxx@xxxx.xx
Attachment install.zip (12kb)
You have (6) New Message from Outlook Microsoft
- Please re-configure your Microsoft Outlook Again.
- Download attached setup file and install.
True, this mail usually is a bad one, but nevertheless it made me grin due to the fact that I was using Thunderbird and KMail for managing my personal mail flood. So I checked the mail headers and found out that it came from a spamhost somewhere in the net.
Tags: Malware, spam, virus, windows
Posted in: Malware | No Comments »
Filling the gaps
My blacklist service runs fine by now and I have checked the results on a regular basis. The fact is that there are some IP ranges delivering quite a lot of spam – so I decided to blacklist the ‘gaps’ in between the addresses, as it is to be suspected that those IPs might also become active. To recognize those ranges, the reason given in the database is set to ‘IP-Range blacklisted’.
Posted in: Malware | No Comments »
The blacklist again…
It is wonderful if you know that a plan is working – especially if it’s your own one. Regarding the WP-Blackcheck plugin, it might even fit more here, as I was observing fewer and fewer spam comments in the moderation queues of the sites I manage. To get some numbers I tried to deactivate a number of other anti-spam plugins and compared the numbers.
Tags: blog, plugin, spam, wordpress, wp-blackcheck
Posted in: Malware | No Comments »
Is it me John Wayne, is it you?
Some spammers can really drive you mad – especially if they are doing things like that. Looking at my mailserver logs I have found some strange IP addresses like 123.27.3.81, 222.252.80.188 or 123.16.13.188 which resolve to ‘localhost’ according to their reverse DNS. In other words, a badly configured mailserver thinks that the mail comes from itself and offers special treatment to those messages – which usually means they bypass the spam filter. The problem can be solved quite simply by using ‘127.0.0.1’ instead of ‘localhost’ in your configuration files, and you have green conditions again.
Posted in: Malware | 2 Comments »
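For the ‘localhost’ reverse-DNS trick described in the post above, here is an added example (not part of the original blog) that scans mail log lines for clients whose PTR name claims to be local while the source address is not loopback. The Postfix-style `connect from name[ip]` format and the sample lines are assumptions constructed for illustration; only the three public IPs come from the post.

```python
import ipaddress
import re

# Constructed sample lines in Postfix smtpd style (format is an assumption).
# The three non-loopback "localhost" IPs are the ones quoted in the post.
SAMPLE_LOG = """\
Oct 15 06:38:01 mx postfix/smtpd[2101]: connect from localhost[127.0.0.1]
Oct 15 06:38:04 mx postfix/smtpd[2102]: connect from localhost[123.27.3.81]
Oct 15 06:38:09 mx postfix/smtpd[2103]: connect from mail.example.org[192.0.2.25]
Oct 15 06:38:15 mx postfix/smtpd[2104]: connect from localhost[222.252.80.188]
Oct 15 06:38:18 mx postfix/smtpd[2105]: connect from localhost[::1]
Oct 15 06:38:20 mx postfix/smtpd[2106]: connect from localhost[123.16.13.188]
"""

CONNECT_RE = re.compile(r"connect from (?P<name>[^\s\[]+)\[(?P<ip>[0-9a-fA-F.:]+)\]")
LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def trusted_by_name(name):
    """The weak check: trust whatever name the client's PTR record claims."""
    return name.lower().rstrip(".") in LOCAL_NAMES


def trusted_by_ip(ip):
    """The corrected check: only a loopback source address counts as local."""
    return ipaddress.ip_address(ip).is_loopback


def find_spoofed_localhost(log_text):
    """Return IPs whose reverse DNS says 'localhost' but which are not loopback."""
    hits = []
    for line in log_text.splitlines():
        m = CONNECT_RE.search(line)
        if not m:
            continue  # not a connect line
        name, ip = m.group("name"), m.group("ip")
        if trusted_by_name(name) and not trusted_by_ip(ip):
            hits.append(ip)
    return hits


if __name__ == "__main__":
    for ip in find_spoofed_localhost(SAMPLE_LOG):
        print(f"PTR claims localhost, source is remote: {ip}")
```

Any address this reports would be whitelisted by a name-based rule but rejected by an address-based one, which is the difference between writing ‘localhost’ and ‘127.0.0.1’ in the configuration.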
I guess that’s it…
It’s been quite a while since I blogged about malware – and even more time has passed since I started catching malware. It all started around March 2006, when I began contacting various anti-virus labs and security companies to share the samples I had caught.
But I have to admit that it was a time full of learning and gaining knowledge about that bad software rumbling the network and about analyzing its behavior. But there was hardly anyone saying thanks for the work.
So I decided to stop my malware analysis project, as it was just work, stress and expenses which I had to pay for myself. So here it ends, after three years now.
Posted in: Malware | 2 Comments »
