Sebagian besar email spam yang beredar hari ini mengandung satu atau dua URL yang menunjukkan gambar dan menunjuk ke situs spam. Sesuatu seperti ini:
<a href="http://spam-site.com"> <img src="http://picture-site.com/picture.jpg> </ a>

Beberapa spam juga berisi URL yang menunjuk ke situs-situs bereputasi tinggi seperti msn.com, Microsoft.com dan lain-lain. Teknik ini digunakan untuk membingungkan spam filter dengan konten spam meracuni. Pada dasarnya, kami memiliki beberapa URL yang mencurigakan (atau seharusnya saya menyebut mereka berbahaya?) Yang dapat blacklist tanpa masalah.

Spammer, tentu saja, menyadari fungsi ini dan telah ditemukan sejak lama berbeda dari iklan mereka vektor URL: Melalui berbagai kelompok (Yahoo, Google, dll), Blog, Jaringan Sosial situs-situs seperti Twitter, Google Documents, mesin pencari pengalihan , dan seterusnya.

Metode lain, yang tidak begitu banyak digunakan sampai saat ini, adalah Google Notebook. Beberapa hari yang lalu aku menemukan sebuah email spam yang tidak ada hal lain dalam daripada satu URL yang menunjuk ke Google Notebook: http://google.com/notebook/public/ <large-number> / <large-text>.

The RSA FraudAction Research Lab would like to share its startling findings based on its tracking and research of the Sinowal Trojan, also known as Torpig and Mebroot. Our findings based on the data we have collected on this Trojan over the course of almost three years – including information regarding its design and its infrastructure – indicate that this may be one of the most pervasive and advanced pieces of crimeware ever created by fraudsters.

We recently discovered that, dating back as early as February 2006, the Sinowal Trojan has compromised and stolen login credentials from approximately 300,000 online bank accounts as well as a similar number of credit and debit cards. Other information such as email, and FTP accounts from numerous websites, have also been compromised and stolen.

Sinowal has been the subject of rumor and speculation in the industry, and little is known about its source. There is generally more known about the sources of other Trojans. Some have alleged that it was owned and operated by a Russian online gang with past ties to the infamous Russian Business Network (RBN). Our data confirms the Sinowal Trojan has had strong ties to the RBN in the past, but our research indicates that the current hosting facilities of Sinowal may have changed and are no longer connected to the RBN.

So, why is Sinowal one of the most serious threats to anyone with an Internet connection? Simply put, Sinowal infects victims’ computers without even an inkling of a trace. The criminals behind Sinowal have not only created highly-advanced and malicious crimeware, but have also maintained one of the most hidden and reliable communication infrastructures. This infrastructure has been designed to keep Sinowal collecting and transmitting information for almost three years. In addition, the stolen data has been methodically organized within a well-organized repository. Almost three years is a very, very long time for just one online gang to maintain the lifecycle and operations in order to effectively utilize just one Trojan.

Only rarely do we come across crimeware that has been continually stealing and collecting personal information and payment card data, and compromising bank accounts as far back as 2006. And in addition to its longevity, Sinowal has also been evolving at a dramatic pace – its rate of attacks spiked upwards from March through September of this year.