Websites want me to remove my Ad-blocker

More and more sites I visit detect that I use an ad-blocker and ask me to either pay a daily or monthly fee to access their content, or whitelist the site in my system.  If the content is valuable and not available free from other sites, I would not mind having a small subscription and getting a regular feed.  Removing my ad-blocker or whitelisting a site may result in your system being compromised. This is because the ads being delivered may contain harmful code from fraudsters and users with malicious intent buying ad space from ad re-sellers.  As can be seen from the image, anti-virus is blocking a potential risk from an ad-delivering site trying to run a JavaScript on the workstation.

Possible threat from an ad being delivered

Websites wanting ads to be displayed on your system have no clue what risk they are delivering to unsuspecting users.

In the future, ads will be blocked more at the enterprise level on all platforms as it is realized that the threat is bigger than thought before.  This is all due to fraud syndicates embracing technology as another way to compromise the defense layer.

I would recommend not allowing any ads while browsing the Internet, or at least having a current and good anti-virus on your system and not logging onto your system with a privileged account.

 

Getting caught by unsubscribing from spam

By unsubscribing you confirm your email to the main spamming company and you will only get more spam.

Have you ever received a spam email that you have unsubscribed from before?  Today I had a very interesting encounter with a local company getting onto the bandwagon to sell training by obtaining email lists from definitely dubious sources.  My argument here is that we see many coming from the same source without anyone subscribing.  Personally, I unsubscribed during May 2018 without being removed.  Today (close to 4 months later and after numerous requests to be removed) the evidence of a spamming engine came to the fore.

My local defense layer consists of multiple security ‘check-points’.  As you come from the Internet, the first router has the normal edge protection such as attack mitigation, source validation, and more, but only at a rudimentary level.  It is more effectively used for egress (from the inside out) destination validation.  This is a very nice feature which came in handy in this example.

Perimeter router with IDS and IPS

The next level is a firewall with IPS (Intrusion Prevention Services) that actively blocks access to malicious sites, including TOR, Ransomware Command and Control Centres, Trojan and other real-time updated IP addresses.  This is both ingress and egress.  Finally, before a packet is allowed in or out of the ‘worker’ segment, it is monitored using a Network Security Monitor for attack signatures.  It is amazing to see the number of actual attacks from countries trying to gain, as an example, command access to the D-LINK routers.

The first step is an email in my inbox from a local site (South Africa), which needs to conform to the ECT Act of 2002 that defines that a recipient should be able to unsubscribe.  In this case, after numerous attempts, we are still receiving emails, and finally, with a new updated signature, realized that the email ‘marketing’ company the local company is using is registered as a spamming agent.  This is after receiving an email with an unsubscribe link, only to be warned that the link is blocked as it is a spamming company.

Also, with just a quick look at the registration details of the company, we see the following.

The direct information at the South African registrar for Internet Addresses/Names shows that the company registered in 2008 in the USA (CA) with telephone numbers and email addresses ‘withheld’.  The hosting company locally will be contacted for comment.

 

 

The following warning was received from the external perimeter for the site that the unsubscribe link connects to.

Spam ‘Haus’

So what does this mean?

Sometimes when you unsubscribe, you only confirm the validity of your email address to spamming engines and other email marketing companies.  Although some local laws protect you, many of these spam companies are outside your country and your recourse becomes difficult if not impossible.

An option could be to complain to the hosting company, copying ‘abuse@sendercompany…..’ (of course replace sendercompany), or to add the sender domain as a spam sender in your antivirus. This is sometimes reported to the ‘mother-ship’ and can help in fighting spam.
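As an added illustration of the point above (not part of the original post), the sketch below reads a message offline, pulls the unsubscribe links from the List-Unsubscribe header and the body, and reports whether each one leaves the sender's domain, is on a blocklist, or carries the recipient's address, all without requesting the link. The sample message, every domain and the blocklist are constructed placeholders.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import unquote, urlsplit

# Constructed sample message; every address and domain is a placeholder.
SAMPLE = """\
From: Training Offers <news@training.example>
To: me@recipient.example
Subject: Course special
List-Unsubscribe: <https://track.bulkmailer.example/u?id=123>

To stop these mails: http://track.bulkmailer.example/unsub?e=me%40recipient.example
"""

# Constructed stand-in for the reputation feed a perimeter device consults.
BLOCKLIST = {"bulkmailer.example"}
URL_RE = re.compile(r"https?://[^\s<>\"']+")


def listed(host, blocklist):
    """True if the host or any parent domain is on the blocklist."""
    labels = host.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))


def review_unsubscribe(raw, blocklist):
    """Inspect unsubscribe links without ever requesting them."""
    msg = message_from_string(raw)
    sender = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    recipient = parseaddr(msg["To"])[1].lower()
    text = (msg.get("List-Unsubscribe") or "") + "\n" + msg.get_payload()
    findings = []
    for url in sorted(set(URL_RE.findall(text))):
        host = (urlsplit(url).hostname or "").lower()
        findings.append({
            "url": url,
            # Link leaves the sender's own domain (a bulk-mail intermediary).
            "third_party": host != sender and not host.endswith("." + sender),
            "blocklisted": listed(host, blocklist),
            # Clicking would hand the recipient address to that host.
            "carries_address": recipient in unquote(url).lower(),
        })
    return sender, findings


if __name__ == "__main__":
    domain, results = review_unsubscribe(SAMPLE, BLOCKLIST)
    print(*results, "report to: abuse@" + domain, sep="\n")
```

A link that is both third-party and blocklisted is better reported to the abuse contact than clicked.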

Spam is still one of the biggest problems and also lends itself to phishing and other attacks.  A very good book is Spam Nation by Brian Krebs… highly recommended.

Let’s wait and see how long it takes for this to sink in and to get an unsubscribe for all domains requested.  It may be possible that the sender has no idea, but that is not an excuse, of course.

It could be beneficial to train recipients on how to complain to the registrar of the company sending the spam.  HOLD THAT THOUGHT!