sorted by: recent | see : popular

Content Tagged with spam + Web

Update: Platform-A’s official statement on the breach. Original Story below the fold.

Platform-A has determined that the servers that host Third Screen Media’s corporate web site were breached during the weekend of June 6-8, 2008. The breach resulted in malicious code and web pages being loaded on the web server. Third Screen Media’s web site is supported by a third-party hosting provider, which is completely separate from its production ad-serving systems. We have confirmed that the company’s advertising systems have not been impacted and remain secure.

The site has been taken down and all malicious content has been removed. Platform-A’s technical staff is investigating the breach to determine the appropriate changes necessary to secure the systems. Once the appropriate changes have been made, the site will be made operational again.

Jeff Bentley, a reader of our site accidentally stumbled into what seems like a hack by spammers of Third Screen Media, a mobile advertising company that was acquired by AOL in 2007 for $107 million and is now part of Platform A.

While surfing on his Blackberry browser, Bentley found that somehow one his sites had been hacked and there were some spammy links embedded in the header of the pages on that site. All the links were emerging out of Third Screen Media’s domain and were pages built for pharmaceuticals related spam. Essentially Third Screen is serving as a spam-farm for someone. We have written in the past about how WordPress themes are being used to embed spam links and other nefarious stuff. (He has links to everything on his blog.)

Anyway this brings up the question: how secure is Platform A’s ThirdScreenMedia? Or is it someone from within who is mucking around and using the company’s domain to serve up spam. Blame it on the gorgeous blue skies this morning, but I am having a hard time thinking that ThirdScreen themselves could be to blame and offering spam-links as a service ;-).

PS: I will update the post after I hear back from Platform A.

MySpace this week won a ruling against Samford Wallace and Walter Rines, reinforcing the fact that there’s no love lost between big web sites and spammers. But it’s also a sign of an escalation of the war on spam.

Spammers are finding virgin territory in emerging messaging tools, including SMS and social networks. Ferris Research projects that Americans will receive 1.5 billion unsolicited text messages in 2008, double the number sent in 2006. And Nielsen calls mobile social networking the next big thing, estimating 2.8 million unique mobile MySpace users and 1.8 million mobile Facebook users in December 2007.

According to antispam firm Cloudmark, spammers are already embracing these new technologies: Between 15 percent and 30 percent of friend requests on some of the largest social networks lead to a spammy profile.

“A lot of people in antispam thought that the reason we have such a bad spam problem is that you can’t pin a reputation on the original individual who sent the mail, and that maybe social networks would be able to remediate that,” said Cloudmark researcher Adam O’Donnell. “But one of the main uses of social networks is getting back in touch with someone you have no real connection to, so you need to be able to leave that vector open for someone to friend you.”

This is an increasingly popular approach for spammers, who create an account and try to friend as many people as possible, then wait for people to view their profiles — which contain spam or links to other sites.

With a huge variety of ways to put content online, those sites can be almost anywhere. MessageLabs‘ Matt Sergeant calls Google Docs “the perfect way to spam,” explaining that hyperlinks in an unsolicited message might go to a Google Docs file containing Google Analytics’ tracking code, rather than a spammer’s server.

Spammers aren’t just pushing pharmaceutical sales, either; increasingly, the site recipients visit tries to inject malware that compromises a visitor’s machine. That machine then becomes a tool for denial-of-service attacks and sending spam, and may be used for keyboard logging and financial phishing. “There’s multiple products being pushed over the spam side,” said O’Donnell.