Streaming music service Spotify has been displaying malicious ads to users of their Free version. The ads lead to websites that used the Blackhole Exploit Kit to infect users with the Windows Recovery fake AV application.
Source: Help Net Security
Tripadvisor members have probably received an email from the CEO, explaining that the member list has been accessed by a third party.
It’s just one more company to add to the long list of those who have had their client lists leaked.
It will make spammers very happy, but again, the positive thing is that, at least, they’ve come forward, unlike some other companies I’ve used in the past which just don’t even bother to acknowledge the fact that there has been a leak…
I don’t know if it was built by spammers or if they sell their database or if it’s too easy to hack, but if you leave an email address on that site, you will get spammed a lot…
Escher Auernheimer of Goatse Security had this to say:
“I released a semantic integer overflow exploit for Safari through Goatse Security in March – it was patched on Apple’s desktop Safari but has yet to be patched on the iPad. This bug we crafted allows the viewer of a webpage to become a proxy (behind corporate and government firewalls!) for spamming, exploit payloads, password bruteforce attacks and other undesirables. The kicker is that this attack cannot be detected by any current IDS/IPS system. We released this in March, mind you, and Apple still hasn’t got around to patching this on the iPad! I know through personal experience that the patch time for an iPad vulnerability is over two months and counting. Given that, the number of parties which probably have active iPad exploits likely numbers in the hundreds, if not the thousands. The iPad simply is not a safe platform for those that require a secure environment.”
If you want to spam the world, BT is one of the best networks to be on: No. 7 in Spamhaus’ worst ISP list.
Spam continues to plague the Internet because a small number of large Internet Service Providers sell service knowingly to professional spammers for profit, or do nothing to prevent spammers operating from their networks.
Although all networks claim to be anti-spam, some network executives factor revenue made from hosting known spam gangs into corporate policy decisions to continue to sell services to spam operations. Others simply decide that closing the holes in their end-user broadband systems that allow spammers access would be too costly to their bottom lines.
The majority of the world’s service providers succeed in keeping spammers off their networks and work to maintain a positive anti-spam reputation, but their work is undermined daily by the few networks who, out of corporate greed or mismanagement, choose to be part of the problem.
Source: Spamhaus Blocklist (SBL) database. Data is compiled automatically every 24 hours from the SBL database and sorted by the number of currently listed SBL records for each network (ISP/NSP). The source data, including record information on each spam issue listed can be viewed by clicking on the Number of Known Spam Issues links.