Friday, November 18, 2016

The New Spam Rat Vectors:
Calendar and Photo Sharing

--

Today, I ran into one of the new spam rat vectors. Without any approval on my part, a two day event was shoved into my Calendar for today and tomorrow. It came from a persistent source of spam that attempts to foist ads for fake Chinese Ray-Ban sunglasses before my eyes. I've received (and reported to SpamCop.net) quite a few of their spam emails. Now they're using this new vector to get attention. How they pulled off the spam is new to me! The thing was sent via my iCloud.com account.

It should be easy to Delete anything inserted into the macOS Calendar. Right? That's the intuitive thing to do. Apple of course provide that option if you use the contextual menu while clicking on the spam calendar event. Except it's NOT delete at all. We're forced to either 'Cancel' and keep the spam or 'Decline' the event. When we 'Decline' the event, this is the same as shouting to the spam rat 'HEY! I'M A LIVE BODY! SPAM ME SOME MORE!' That's the very last thing we want to do. The spam rats will spam us further as a direct result of hitting 'Decline'.

The only recourse available is to ignore the Calendar spam. It will sit there in your Calendar forever. I hate that.

Result: Apple has inadvertently allowed a spam vector we cannot avoid! That has to end. I'll be sending Apple a kindly request to end this madness immediately. I'll also be corresponding with SpamCop.net to see if they can incorporate the reporting of such spam into their system. At the moment, their interface has no idea what to do with this kind of spam, despite the URL for the spam rat being incorporated in the 'Invite' code.

Meanwhile, similar spam is reported to be infesting iCloud Photo Sharing. Another great one Apple. :-P

Thankfully, there is a solution to this stupid spam problem in Calendar. I've provided some links to articles with the solution below. Sadly, there is not yet any solution the stupid spam problem in iCloud Photo Sharing. The best you can do is turn off iCloud Photo Sharing. When a solution arrives or Apple get their act together, I'll post again.

If you can read Dutch, this is the first website to figure out how to kill off the stupid spam problem in Calendars:

appletips, 2016-11-08

Both 9TO5MAC and TechTimes have provided translations of the solution as well as discussion:

9TO5MAC, 2016-11-09
Performing the steps below will move the spam invitation to a separate calendar, and from there, that calendar can be deleted. Thus, removing the spam invitation without having to hit “Decline” on the actual notification. . . .
Anu Passary, Tech Times, 2016-11-09
Any Solution For iCloud Photo Sharing Spam?The only option is to turn off the feature completely. To do so follow these steps: . . .
~ ~ ~ ~ ~


For those interested in the code buried behind these spam abominations, here is what I received (with personal and potentially dangerous data removed, as indicated in italic brackets):
BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//Apple Inc.//Mac OS X 10.12.1//EN
CALSCALE:GREGORIAN
BEGIN:VEVENT
TRANSP:TRANSPARENT
DTEND;VALUE=DATE:20161120
LAST-MODIFIED:20161118T134030Z
ORGANIZER;CN="黄周朝":/aMjUwNTI0MjYwNzgyNTA1Mqtter-QwRgjzoGWqFbNhgT2wV1SrD6
 t8E_Di4m4H-sa/principal/
UID:7F700ED9-2C8B-DE19-5648-34298F6E1BD9
DTSTAMP:20161118T134034Z
DESCRIPTION:[URL of spam rat removed] $19.99 Ray-ban&Oakley Sunglasses Onli
 ne.Up To 80% Off Sunglasses.Compare And Save.
SEQUENCE:0
X-APPLE-TRAVEL-ADVISORY-BEHAVIOR:AUTOMATIC
SUMMARY:$19.99 Ray-ban&Oakley Sunglasses Online.Up To 80% Off Sunglasses
 .Compare And Save. [URL of spam rat removed]
DTSTART;VALUE=DATE:20161118
CREATED:20161118T141038Z
ATTENDEE;CUTYPE=INDIVIDUAL;PARTSTAT=NEEDS-ACTION;ROLE=REQ-PARTICIPANT;RS
 VP=TRUE:mailto:[Victim at icloud.com]
ATTENDEE;CUTYPE=INDIVIDUAL;PARTSTAT=NEEDS-ACTION;ROLE=REQ-PARTICIPANT;RS
 VP=TRUE:mailto:[Victim at gmail.com]
ATTENDEE;CUTYPE=INDIVIDUAL;PARTSTAT=NEEDS-ACTION;ROLE=REQ-PARTICIPANT;RS
 VP=TRUE:mailto:[Victim at hotmail.com]
ATTENDEE;CUTYPE=INDIVIDUAL;PARTSTAT=NEEDS-ACTION;ROLE=REQ-PARTICIPANT;RS
 VP=TRUE:mailto:[Victim at icloud.com]
ATTENDEE;CUTYPE=INDIVIDUAL;PARTSTAT=NEEDS-ACTION;ROLE=REQ-PARTICIPANT;RS
 VP=TRUE:mailto:[Victim at icloud.com]
ATTENDEE;CUTYPE=INDIVIDUAL;PARTSTAT=NEEDS-ACTION;ROLE=REQ-PARTICIPANT;RS
 VP=TRUE:mailto:[Victim at yahoo.com]
ATTENDEE;CUTYPE=INDIVIDUAL;PARTSTAT=NEEDS-ACTION;ROLE=REQ-PARTICIPANT;RS
 VP=TRUE:mailto:[Victim at gmail.com]
ATTENDEE;CUTYPE=INDIVIDUAL;PARTSTAT=NEEDS-ACTION;ROLE=REQ-PARTICIPANT;RS
 VP=TRUE:mailto:[Victim at gmail.com]
ATTENDEE;CUTYPE=INDIVIDUAL;PARTSTAT=NEEDS-ACTION;ROLE=REQ-PARTICIPANT;RS
 VP=TRUE:mailto:[Victim at icloud.com]
ATTENDEE;CN="[Victim]";CUTYPE=INDIVIDUAL;EMAIL="[Victim at icloud.com]";PARTSTAT=NEEDS-ACTION;ROLE=REQ-PARTICIPANT;RSVP=TRUE:/aMTEyMDgzMTQxM
 TIwODMxNG5OQKIRBVWuL0Ah_fCetZ3Z3V61ZwF1SPf_pZtFhpme/principal/
ATTENDEE;CN="黄周朝";CUTYPE=INDIVIDUAL;EMAIL="[Nonsensical email address]";PARTSTA
 T=ACCEPTED;ROLE=CHAIR:/aMjUwNTI0MjYwNzgyNTA1Mqtter-QwRgjzoGWqFbNhgT2wV1S
 rD6t8E_Di4m4H-sa/principal/
BEGIN:VALARM
X-WR-ALARMUID:BCE20FBE-0652-41A3-9224-A9C3E37720AA
UID:BCE20FBE-0652-41A3-9224-A9C3E37720AA
TRIGGER:-PT15H
X-APPLE-DEFAULT-ALARM:TRUE
ATTACH;VALUE=URI:Basso
ACTION:AUDIO
END:VALARM
END:VEVENT
END:VCALENDAR
The victim email addresses were apparently copied and pasted alphabetically from a distributed spam-it list. The victim IDs in this case all started with 'derek'-something. The victim email addresses were not exclusive to iCloud, as I've indicated above.

So Apple! What's with the sloppy attention to security lately? Wake up! You're making Google look good. And that's bad.


--

1 comment:

  1. Since I bought an Android phone a few months back, I've found myself increasingly liberated from the Applesphere. The only thing that keeps me hooked is the need to play my music library in iTunes. Now I'm feeling pretty uncomfortable about having a library that is almost entirely ALAC, though Apple has put that file format into the public domain.

    ReplyDelete