Google abuse
Who feels lucky here?
Today I got this spam mail, that at first looked too simple.
But when I looked twice, I noticed it was actually opposite:
"Check it out - I just found the best casino website!
It has great games, tournaments, daily promotions and high bonuses.
If you go there now you'll get a free beginners bonus of $555 - so you can start playing right away!
Have fun!"
Casino spam is not news at all, but the deceptive link was.
Instead of linking directly to www.casino-games-pro.com it used this:
http://www.google.com/search?q=
inurl%
3Agames-pro+
intext%
3Awon1+million+megabet+from+casino+online
&btnI=Lucky target="_blank"
(This query searches for sites with "games-pro" in the url + "won1 million megabet from casino online" somewhere in the text.)
This combination of words is found on only one website.
And then Googles 'Feel lucky button' is abused to go directly to the site...
Result: the scam-site avoids naming itself in the spam mail,
thus making it harder for spam-filters to scan for names of known scam-sites.
This is a new trick that I haven't seen before, but I read about it recently.
Here's the scam sites information:
Domain: CASINO-GAMES-PRO.COM
Registrant: Not avialable.
Creation Date: 26-Sep-2007
IP Address: 88.214.198.120
IP Location: United Kingdom - Real International Business Corp
Domain servers: ns1.hqhost.net + ns0.hqhost.net
Registrar: www.erdomain.com
How to complain:
Report abuse: abuse@erdomain.com
Report USA-spam: spam@uce.gov
Google spam report: google.com/contact/spamreport.html
Different points of view
Ads are no longer just ads. Actually it's more misleading not to differentiate.
Stumbled upon this debate, decided to follow the trail further:
Visually deceptive
advertisements
in web design
John G. Tylers: "The insidious problem of visually deceptive advertisements in web design, where advertisers fool users by displaying what appear to be user-control dialog elements but which really are links to their voracious marketing engines...
Jakob Nielsen: "Yes, ads that masquerade as dialog boxes or other useful user interface elements are deceptive and probably unethical. But they are also self-defeating: sure, you can trick the user into clicking on an ad in the belief that it is a dialog box, but that user's first reaction upon arriving at your site will be one of disgust - and an immediate click on the Back button..."
Mads Dam: "There are 3 kinds of deception,
but only the last kind is illegal:
Mild manipulation,
'Always going to the line'
and Outright fraud
Mark Twain: "A man is never more truthful than when he acknowledges himself as a liar.
Often the surest way to convey misinformation is to tell the strict truth.
Truth is the most valuable thing we have. Let us economize it."
Read more...
Do you feel lucky?
Google has such a clean design, and never looks cluttered and confusing. Other engines have suffered from "portalitis", but not Goggle.
Except from a minor adjustment of their original logo, and the seasonal logo-joke, they have always looked like that. Clean, simple and efficient.
But if you have always seen something, most likely you've never thought about it.
In this case: you have probably never wondered why Google has this extra "Do you feel lucky"-button.
And you have probably never used it either. So why is it still there..?
Because users love it? They don't. Many use it? Only 1 %. Google profits somehow?
Au contraire, that button may cost $100 million annually in lost ad revenue, source American Public Media's Marketplace.
Problem: If people use that button, they also bypass the ads Google is spinning gold from.
If all users felt lucky, Googles ads would never be viewed.
So why does Google keep the button?
Well, here's a lesson of layers:
Sergey Brin, co-founder of Google: "The reason it's called "I'm Feeling Lucky," is of course that's a pretty damn ambitious goal. I mean to get the exact right one thing without even giving you a list of choices, and so you have to feel a little bit lucky if you're going to try that with one go."
Marisa Mayer, Google's vice president: "Larry and Sergey had the view, and I certainly share it, that it's possible just to become too dry, too corporate, too much about making money. And you know what I think is really delightful about Google and about the "I'm Feeling Lucky," is that they remind you that the people here have personality and that they have interests and that there is real people."
Web usability expert Jacob Nielsen says this serves another business purpose: 'Oh we're just two kind of grad students hanging out and having a beer and having a grand old time,' not you know, 'We are 16,000 people working on undermining your privacy.'"
Typosquatting
Naming as gaming
If you mistype a domain name,
you 'd expect to get a variation of
"oops : unavailable / not found".
However, if it's a popular domain you'll probably get something nevertheless.
There are 3 degrees:
1) Harmless: If you type "gogle.com" you'll be automatically redirected to the correct name "google.com".
You wont even notice errors silently corrected in the background.
2) Annoying: If you type plitiken.dk instead of politiken.dk (a popular danish newspaper),
then your mistake will not be corrected. You'll get a gallery site gallerysee.com
which is completely unrelated to what you wanted. At least obvious faking - lose time not money.
3) Fraud: If you mistype the name of your online bank, and arrive at a site that looks exactly like the original,
but isn't, then you'll not lose time but probably all your money.
Read more in Wikipedia...
Urgent urgent..!
Yesterday I received an email with "Urgent! Urgent!" as title.
The message was a forwarded warning of some new virus, being distributed by mail and hiding in an attached pdf-file.
Don't open that file: then this virus will erase all information on your harddisk, and you'll never ever get it back.
This nasty little program was supposedly created by a german programmer. Forward this to all your friends...
Hm, I thought, this sounds like a message from a "friend of a friend". And what does that remind me of?
Urban legends! Now, think about this: there's more than 100.000 viruses around now, and more than a hundred new appearing each week.
What sense does a single email make, warning about a single virus? How about the other 99.999..? Well, here's reality:
If you don't have anti-virus, and your pc is not updated, you'll be infected in less than an hour if you go online.
Morale: Don't spread disinformation, don't pass unvalidated warnings, don't waste peoples time.
Do check the source and credibility of information, do use your common sense.
Here's a link to Hoax Warnings from F-Secure: f-secure.com/hoaxes/hoax_new.shtml
Surfing privately
If you're worried about Google hiding personal information (almost) for ever, try Blackdust - an anonymous Google proxy. Here's their own description:
"When we search the web with Google its easy to forget that they are recording every search and every IP address. In fact unless you're very careful with your cookies then Google probably knows you better than you know yourself.
This freaks us out. And it should freak you out two. The fact that every aspect of our search behaviour is being recorded, and use of that data isn't really restricted by any laws or policies is a problem. Blackdust is the solution to the problem. Searching the web through the Blackdust anonymous proxy protects your identity and what Google can learn about you."
And they'll remove the ads as well...
Polar rose looks at images
How would you find a text on the net, if there was no Google, Yahoo, Ask or any other searchengine? Well, probably not.
But we are more or less in that situation when it comes to images. A decade ago the internet was almost a text only resource.
But now, almost 10 million new photos are uploaded daily, a number that more than doubles each year.
So how do you locate that image, that is somewhere out there? Yesterday I read of a new image based searchengine, Polar Rose.
It's still a beta-version, but the perspective certainly looks promising! Have a look...
Sometimes we have a question. And want an answer.
However, this is not exactly what happens on the internet.
When we ask a searchengine, we usually give it one word (or perhaps some more).
In return we're presented with a looong list of sites that contains this word.
But actually we're not looking for words, but for information, meaning, ideas, concepts.
In short, something that makes sense. The searchengines we know are still working on a primitive 'keyword' level.
Read more...
The law of more
In need of speed?
If development of cars followed Moores Law,
it would only take half a century
to attain the speed of light.
And then beyond...
|
Phishing, Virus, Spammer, Spy
Safe in cyberspace?
Taste without grace
Normally I would wonder what a domain name meant. And how it sounded. But I never worried about how it tasted...?
Just joking, here's the more serious point: be carefull when you search for a new possible domain, and NetworkSolution is asked. They may return the answer but keep the name. I just read this warning in webpronews.com:
"ICANN also specifically addressed the concern over NetworkSolutions' recent controversial practice of automatically registering domains searched for on their site, raising the price, and then returning during the grace period. NetworkSolutions defended the practice as a way to protect customers from frontrunners, but critics have had trouble deciphering the difference."
Only avoiding one specific company is probably only false security: avoid any instance that have a commercial interest in your choise...
If you get a message like this, then beware!
"Find out who deleted you from the MSN without noticing it.
Check your MSN and verify who deleted you from their Messenger account."
Is this possible..?
The daily dose may seem petty, 1-2 minutes clicking delete in a whole day.
Irritating but insignificant, like a few flies buzzing by, who cares.
However, the real cost is grossly underrated for several reasons:
Spam filters devour their share of the mailstream, so we only see the tip of the iceberg.
But each time you get a real email, 4 spam mails were sent but filtered out.
That number is unfortunately growing.
And the growth is accellerating...
Raising the bottom helps us all
Consider the present net, lots of pages filled with animated sound and vision. Less than ten years old and still exploding.
Now 100 million websites and a billion pc's are out there.
When everybody get their own website, and every company and institution too,
then we'll reach 10 billion sites (the mid nineties only offered 50000 sites).
Similarly 10 times as many new computers will eventually arrive. And similarly many pc newbies born...
Nominal advice if you're
tired of spam and scam
Before you buy a domain name, check if you are creating it or if it has already been in use (or abuse). View old pages in archive.org and ask searchengines for references.
Verify that it is not banned in some quarters. Verify that the sites corresponding email adress isn't blacklistet, for spam or phishing.
Read more...
Stop spammers email harvest
Ever wondered where spammers got your email address from?
Searchengines are continually scanning the internet, looking for original content.
But that's obvious enough, and you can block their visits if you want to be invisible.
However, other people are scanning the net as well, spidering site after site to harvest the email addresses people posted.
They don't announce their visit, don't ask for permission and don't take no for an answer...
Spam mails can be stopped once they are sent, but no spam-filter gets them all.
It would be more efficient, if they weren't sent at all.
If spam spiders become visible, they can also be stopped.
To stop them they need to be tracked and analyzed...
The line above was the title line of a spam mail I recently received. The message itself was equally weird.
It's amazing how much spammers will do to slip through the spam filters.
Sometimes their efforts remind me of the weird author William Burroughs,
who also used scissors to 'write'. Here's a recent example of spam cut up..
Fake surveys
Don't fall for this scam, that I've recently seen in growing numbers: "SomeBank will add $100 credit to your account just for taking part in our quick 5 question survey.".
Sure! And when you've answered the very few and very easy questions, the money is all yours. They only need to know your accountnumber, password, pincode, mothers maidenname, etc...
Stop! And think: If someone wants to add money to your account, the number is all they need. But to get money out of your account...
Morale: There is no such thing as a paid survey! Why pay if most people answer freely, when you ask them politely..?
Spam from Hongkong
Ever received spam from a HK domain? Complain here: ofta.gov.hk/en/uem/main.html
June 2007 a new law went into effect in Hong Kong making spam and internet fraud illegal with regards to the use of .hk domains.
Now spam and fraud can be fined up to $1 million and five years in prison...
Major spammer arrested
It looks like Robert Alan Soloway has sent his last spam mail, at least for some decades to come.
He was arrested in May after a federal grand jury returned a 35-count indictment charging him with mail fraud, wire fraud, e-mail fraud, aggravated identity theft and money laundering. He's accused of using networks of compromised computers to send out millions of spam mails daily since 2003. He continued even after Microsoft won a $7 million civil judgment against him in 2005 and Robert Brauer (small Internet service provider in Oklahoma) won a $10 million judgment.
If convicted of all charges, he could face up to 65 years in prison. Still it could be worse...
Microsoft: "He's one of the top 10 spammers in the world. He's a huge problem for our customers. This is a very good day."
Spamhause: "Soloway has been a long-term nuisance on the Internet - both in terms of the spam he sent, and the people he duped to use his spam service which has, in many cases, got them into trouble..."
And if you want to know more of Soloways past, here's a looong blog...
|
When is enough..?
Spam is a growing problem. Unfortunately the growth is exponential, with no signs of decline. But the spam you receive is much less than the amount being sent, since spammers' lists often contain many invalid addresses. Spamfilters also devour their share. Here are the growing numbers:
1978: E-mail spam sent to 400 addresses.
1994: First large-scale spam sent to 6000 newsgroups, reaching millions of people.
2005: 30.000.000.000 each day (June)
2006: 55.000.000.000 each day (June)
2006: 85.000.000.000 each day (Dec)
2007: Even more...
So, when is enough?
Contact registrar/host
and report abuse
Ever felt frustrated about the endless streams of spam?
Do you wish you knew where to complain? Don't despair, here's how:
The spammers aren't quite invisible after all, ask WHOIS who is behind. There are many possibilities, but try domaintools.com.
Here you can read when a website was created, who did it, if it is blacklisted, and more.
You can also read who is the registrar, responsible for registering the site in question.
When you know the registrar, complain about the abusive site, and remember to document your complaint.
To save you some time I am accumulating here the websites and email addresses you need...
There are 3 levels
Global/National Top level.
Personal level.
And subdomains.
Read more...
Known spammers
Who is who and what did they do
Downloadable Software Scam
Canadian Pharmacy Scam
Rise and Fall of Robert Alan Soloway
People I do not know...
Here is a list of people, that I do not know and don't want to know.
Neither do they know me. Then why do they mail me again and again and again..?
Alas, next time spammers scan the internet to search for new email adresses to abuse,
it would only be fair if they harvested their own. And then spammed themselves. Bon appetit...
Abused/Abusive Registrar List
Hall of Shame
Top 50 Registrars with Blacklisted Domains for the last 5 days.
See the list...
Stop email harvest
Stop harvesting of email addresses
If spammers had no email addresses to spam, they would be out of business.
But what can be done? Several things it seems, and here's a few possibilities that I stumbled upon:
When spammers visit your site, they'll check all pages for email addresses. So, all you have to do is link to this page so when a spammer scans your page, they'll be sucked into this one: www.testmyfirewall.com/antispam.html
Spam is the electronic world's biggest problem. Fool proof methods to filter out spam doesn't yet exist, but we don't have to sit back and take it. Pages like this make spamming less profitable - our way to Fight Spam: www.auditmypc.com/freescan/antispam.html
A little trap for all those spam bots which harvest email and link addresses off the net. These links lead to other similar sites so those 'black widow' web spiders get their fill! www.isoliert.de/spamtrap.htm
Counter Scam
When the game is reversed
Artists Against 419: The Internet is great, isn't it? It's a magical place, where you can buy anything you want, meet new people, find information... and lose all your money to scammers.
We've never liked that last part, so we started to fight back. Over time our art has evolved, and we now maintain the largest repository of websites used in 419 and Advance Fee Fraud on the internet.
Nigerian 419 scam baiting involves responding to these e-mails posing as a potential victim of their scam and getting them to trust you to the extent that they waste a lot of their time and hopefully some money trying to bilk you out of your hard-earned cash. With luck, scammers also provide for a few laughs along the way. Dedicated to this little-known but growing internet sport:
419Baiter.com
What is scambaiting? Put simply, you enter into a dialogue with scammers, simply to waste their time and resources. You'll be helping to keep scammers away from real potential victims, screwing around with the minds of deserving thieves:
419Eater.com
Fighting Scammers Worldwide for
Fun and Justice: TheScamBaiter.com
NoScript
Preventing malicious scripts
In my opinion this is probably the best addition to FireFox. If you surf a lot, you'll meet new unknown sites all the time.
Should they all be trusted at first sight? Only if you don't care about security. However, asking your browser to disable all scipts permanently is not practical.
Then again accepting all scripts simply isn't safe. A differentiated response would be optimal. Here NoScript comes to the rescue:
"While its primary aim is preventing malicious JavaScript from running, NoScript can effectively block Java, Silverlight, Flash and other plugins on untrusted sites. Applets, Flash movies/application, Quicktime clips and other content won't be even downloaded from sites where you consider them annoyances, saving your bandwidth and increasing your navigation speed."
www.noscript.net
www.hackademix.net
Complainterator
Automated spam site complaint generator
Complainterator runs under Windows, and will drive your keyboard, mouse and screen as it looks up the spammed site's registrar, and also the registrars for the name servers for the site.
It allows you to preview the messages it has prepared, so you can add your own additional evidence, and then you can hit "Send" to release them to the registrars.
Complainterator has now accounted for the suspension of thousands of spammed and illegal web sites since its first release.
www.complainterator.com
|
