Typosquatting on (dot)cm URLs has apparently become big business in 2018 for self-proclaimed “spam king” and one-time convicted felon Scott Richter.

Research conducted by Matthew Chambers of Secure Works in Atlanta found that thousands of the .cm domains participating in this new approach to spam were all part of a vast network owned by Media Breakaway, LLC, headed by Mr. Richter. It seems that Media Breakaway in turn leases this massive network to folks that, surprise, don’t have the end user’s best interests at heart.

How it Works

When fast but flawed typists accidentally enter Espn[dot]cm, or any of more than a thousand so-called “typosquatting” domains hosted on the same Internet address, including aetna[dot]cm, aol[dot]cm, box[dot]cm, chase[dot]cm, citicards[dot]cm, costco[dot]cm, facebook[dot]cm, geico[dot]cm, hulu[dot]cm, itunes[dot]cm, pnc[dot]cm, slate[dot]cm, suntrust[dot]cm, turbotax[dot]cm, and walmart[dot]cm, they are (currently, but subject to change) directed to one of two sites, antistrophebail[dot]com or chillcardiac[dot]com, offering amazing deals, free gifts, etc. for completing a short survey.
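The pattern above is visible in DNS or proxy logs as a lookup under .cm whose name, with .com substituted, is a site users really visit. The sketch below is an added example, not part of the original post; the log format, client addresses and watch list are constructed assumptions, and hostnames are defanged as on this page.

```python
import re
from collections import Counter

# Assumption: the organisation's own list of .com sites its users really visit.
WATCHED_COM = {"espn.com", "chase.com", "facebook.com", "walmart.com"}

# Constructed DNS query log lines (not real traffic).
SAMPLE_LOG = """\
2018-04-02T09:14:07Z client=10.0.4.21 query=www.espn[dot]cm. type=A
2018-04-02T09:14:09Z client=10.0.4.21 query=espn[dot]com. type=A
2018-04-02T09:20:41Z client=10.0.7.3 query=CHASE[dot]cm type=A
2018-04-02T09:31:12Z client=10.0.7.3 query=portal.example[dot]cm. type=A
2018-04-02T10:02:55Z client=10.0.7.3 query=chase[dot]cm. type=AAAA
"""

QUERY_RE = re.compile(r"client=(\S+)\s+query=(\S+)")

def normalise(host):
    """Refang, drop the trailing root dot, and lower-case a hostname."""
    return host.replace("[dot]", ".").rstrip(".").lower()

def cm_typo_target(host, watched=WATCHED_COM):
    """Return the watched .com site a .cm hostname imitates, else None."""
    labels = normalise(host).split(".")
    if len(labels) < 2 or labels[-1] != "cm":
        return None
    candidate = labels[-2] + ".com"  # the name the user most likely meant
    return candidate if candidate in watched else None

def find_hits(log_text, watched=WATCHED_COM):
    """Return (client, queried host, intended site) for each suspect lookup."""
    hits = []
    for line in log_text.splitlines():
        match = QUERY_RE.search(line)
        if not match:
            continue
        client, host = match.groups()
        target = cm_typo_target(host, watched)
        if target:
            hits.append((client, normalise(host), target))
    return hits

def hits_per_client(hits):
    """Count suspect lookups per client, to show which hosts to follow up on."""
    return Counter(client for client, _, _ in hits)

if __name__ == "__main__":
    for client, host, target in find_hits(SAMPLE_LOG):
        print(f"{client} looked up {host} (likely meant {target})")
```

Unrelated .cm names pass through untouched, so legitimate traffic to Cameroon's country-code domain is not flagged.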

Trying to Hide from Researchers

As Matthew Chambers points out:

“One thing we notice is that any links generated off these domains tend to only work one time, if you try to revisit it’s a 404,” Chambers wrote, referring to the standard 404 message displayed in the browser when a Web page is not found. “The file is deleted to prevent researchers from trying to grab it, or automatic scanners from downloading it. Also, some of the exploit code on these sites will randomly vaporize, and they will have no code on them, but were just being weaponized in campaigns. It could be the user agent, or some other factor, but they definitely go dormant for periods of time.”

Enormous Amounts of Traffic

With a recorded 12 million visitors in the first quarter of 2018, this network is getting gobs of traffic for Media Breakaway and their customers. Given the creativity of the cybercriminal world, there is tremendous monetization potential held within this network. Ransomware, rootkits, and password-stealing keyloggers could all be delivered from the bogus sites directly or from a redirect.

Konsultek’s Holistic Approach

If you’ve spent any time on this blog or attended one of our events, you know that we take network and information security seriously. That’s why, when we develop our custom solutions for clients, Palo Alto’s prevention expertise is more likely than not going to be part of that solution when applicable. However, we also believe in the power of detect and respond, so you can be certain that technologies from ForeScout, FireEye, Firemon and others are going to be part of your solution as well.



It seems that spammers, those irritants of your inbox, are working a “regular” job just like you or me. They put in long hours, for the most part they work weekdays and with the exception of the night owls, work regular business hours. This according to the IBM X-Force Kassel research team which operates a massive network of spam honeypots.

By gathering billions of unsolicited “spam” emails every year the team can easily identify and study trends in the world of spam.

Most recently the team looked at what a typical spammer’s workweek looked like and here are some of the interesting things they found.

1.  The Weekly Grind – much like the rest of the working world, spammers and their bots apparently work a typical work week with typical hours. Over 83% of spam email is sent during the business week with the highest concentration being delivered on Tuesday, Wednesday and Thursday.

Source: IBM X-Force Kassel

2. Business Hours – The typical spammer works business hours…North America and European hours. Sure it makes for a long day, starting with early morning in Europe and not slacking off until near the end of East coast business hours (around 4pm). IBM feels that this pattern is driven in part by the types of malware being delivered which are more targeted towards businesses rather than individuals.

3. Some Folks Work Nights and Weekends – So while the principal targets are corporate employees, there is a dedicated contingent of spammers who work weekends, especially weekend nights, rounding out the spamming ebb and flow.

4. Where the Spammers Live – Based upon IP address tracking it would appear that the primary locations for spammers are:

Source: IBM X-Force Kassel

Spammers are Dedicated to their Craft

The spammers are a dedicated bunch. They work day in and day out, delivering their messages to their victims relentlessly. And, of course, they continue to innovate, from the type of message sent to the type of attachment used to the type of malware exploit delivered.

Konsultek is Dedicated to Security

When your foe is as dedicated as the spammers are you need someone on your team who is just as dedicated and even more innovative. That’s where Konsultek comes in. We’ve been developing world class security solutions for over 20 years. If you think it’s about time you trimmed your diet of spam, give us a call and we’ll help you develop a solution that will have you saying “no thank you” to spam, no matter how many times it’s offered to you.



SPAM on the Rise Globally

On March 23rd, 2017, posted in: Spammers by konweb

We highlighted the release of The 2017 Cisco Annual Cybersecurity report in our blog post a few weeks back. Today, SPAM is on the menu and the same Cisco report serves up some very interesting insights into the growth of global spam.

According to the report:

  • 65% of all email globally is spam
  • 8-10% of spam in 2016 was malicious. More troubling, however, is that 75% of spam in October 2016 contained malicious attachments
  • From August to October 2016 there was a dramatic rise in the number of IP addresses deemed spammy and subsequently blocked
  • Cisco researchers attribute much of the rise of spam in 2016 to the Necurs botnet (a primary distributor of the Locky ransomware)


Konsultek Knows Spam

Spam is problematic for every organization. In its most benign form the sheer volume of spam can overload inboxes and waste valuable employee time. In its most malignant form spam can trick employees into inviting malware into networks or even sending funds to cybercriminals masquerading as suppliers.

At Konsultek, spam is just one of the things we take off the buffet of cyber threats so that your employees, your organization and your network are protected. If you are interested in learning more about how we can help your organization, please give us a call.



Mega Spammer Leaks 1.37 Billion Emails

On March 7th, 2017, posted in: Hackers, Spammers by konweb

Monday morning, March 6, 2017 started off with a teaser announcement from data breach storm chaser Chris Vickery over at MacOS security software specialists MacKeeper. The announcement stated that later in the morning the identity of a breach victim with 1.37 BILLION records compromised would be identified.

Wow 1.37 Billion is a LOT of records! For perspective, there are only about 300 Million people in the whole United States. A breach of that size can only happen to an organization that either has a lot of individual users/customers, a large government agency or perhaps a large scale data aggregator.

The Internet was immediately on fire with speculation as to who might have been breached… Facebook? Salesforce? Apple? Alibaba?

Well, a few hours later the mystery was solved when Chris Vickery revealed on the MacOS blog that the “victim” was one of the largest email spammers in the world! Wow, no one had that on their radar.


The spammers, who position themselves as legitimate marketers under the name River City Media, use automation and hacking techniques to send out an estimated 1 Billion emails a day with a team that numbers around a dozen. While everyone despises spam email, at some level you have to admire the sheer spamming scale that Alvin Slocombe and Matt Ferris, the River City Media principals, were able to operate at.


Another Dark Day for Privacy

In addition to emails, the database contains real names, IP addresses and frequently physical addresses. It would appear that these details may be headed over to law enforcement authorities so “big brother” just got a huge windfall.

Kudos to the Spam Assassins

You can bet that this is only the beginning of the story and that much more will come to light in the months ahead. Certainly all the investigators involved, MacKeeper Security Research Center, CSOOnline, and Spamhaus deserve a huge helping of kudos for clearing up, at least a little bit, the inboxes of over a billion spam victims in one fell swoop.

How Secure is Your Network?

You would think that a group of professional spammers would have appreciated and deployed the best security measures possible. It just goes to show that any operation, illegal or otherwise, can be brought to a screeching halt when a data breach occurs.

Don’t let something like this happen to your organization!

Get proactive on challenging your own network security before it is too late. From executive assessments to vulnerability discovery and breach simulation, Konsultek can help. Give us a call to find out how we can help you identify and quantify your network security risks in a proactive manner.

