Bill Mullins’ Weblog – Tech Thoughts

Entries categorized as ‘bots’

Spam and Botnets – Who’s Responsible?

July 13, 2009 · 5 Comments

A fairly recent survey on Internet security released by the National Cyber Security Alliance (NCSA) determined that “U.S. consumers don’t understand botnets; networks of compromised computers that have become one of the major methods for attacking computer systems”.

Pointedly, Ron Teixeira, executive director of the NCSA, said in a statement: “Consumers’ unsecured computers play a major role in helping cyber criminals conduct cyber crimes not only on the victim’s computer, but also against others connected to the Internet.” Teixeira went on to say that it is “alarming” that people don’t know how to keep their computers secure.

The information gathered in this survey is not new to experienced computer users, or to those of us involved in Internet and system security. It seems to me that this is simply repackaged information that we have had access to, in some cases, for years. In fact, the statements in this survey can be applied to Internet users worldwide and are not restricted to users in the U.S.

I think that one would have to have been on an extended vacation from both computers and cyber space, not to have an understanding that the Internet is now the playground of cyber criminals and has been for a considerable time.

Consider this – last month (June 2009), over 90% of email was spam, and of this total more than 83% was sent our way by botnets (data from MessageLabs’ June report).

So the question is, why is the average, or typical computer user, so lacking in knowledge when it comes to Internet security precautions; some might say even negligently so?

One does not need to be a profound thinker to arrive at a number of hard and undeniable conclusions on this issue.

A reader of this Blog, commenting on a previous article, summed up this issue particularly well when he stated, “most people still see the computer as a kind of entertainment device… Computers are for playing, chatting, and watching short clips; listening to tunes…. people don’t take Internet security seriously because they don’t think of the computer as a serious device”.

He went on to write – “Some of this is related to our cultural laziness around safety and prevention. People are routinely reckless with automobiles, decline to clean out the (dryer) lint catch, and mishandle loaded guns. My frustration is with government, health and educational institutions that push people to use the internet as though it were as secure and straightforward as a hard-line telephone”. A factual and precise comment, I think.

And so we arrive at the root of this problem: No one wants to take responsibility for the abysmal state of Internet safety and security. Not governments; not software developers; and least of all, Internet users.

We are long past the point where we need to stop just talking about this issue. We need to stop being part of the fear campaign and the feeling of helplessness that accompanies it, and develop appropriate solutions.

Many computer experts agree that it is primarily flawed computer software, and not just inadequate user knowledge, that is the biggest contributor to the proliferation of unsecured computer systems and cyber-crime on the Internet.

It seems to me, then, that what is needed as a good first step are machines designed with simple but internally sophisticated operating systems, secure and easy to use for the majority of users, where little or no user interaction is required to maintain the security of the system. Microsoft’s soon to be released Windows 7 operating system, developed with security in mind, appears to be a step in that direction.

More to the point, however, a massive change in Internet users’ attitudes and perceptions needs to take place. Users have to come to the realization that we all have a shared responsibility to offer mutual protection to each other, by ensuring our individual machines are not part of the problem, but instead are part of the solution.

One particular software developer has focused on the concept of “people driven security”, an idea based on the concept of the shared responsibility we each have, to offer mutual Internet protection to each other. Web of Trust has developed an Internet Browser addon which takes security this one step further. The solicited opinions of users/members, on a web site’s safety, are incorporated into the overall site safety rating.

There are other solutions of course; some draconian, some less so, but unless we as computer users take responsibility for our own online safety, you can be sure that governments will eventually introduce measures that will be considered draconian.

We now live in the age of the “interconnectedness of all things”, in which we are beginning to see the development and availability of large numbers of Internet connected devices. There is no doubt that this will lend new strength to computer-aided crime and perhaps even terrorists; and here we are, back to the concept of draconian government imposed Internet security measures.

Unless we develop a rational approach to the underlying security issues surrounding the Internet and, amongst other solutions, insist that software companies stop rushing out new products with little regard for security, hackers will continue to flourish and successful attacks on computers over the Internet will continue to proliferate.

There are steps you can take to decrease the likelihood you will be the victim of a successful attack on your computer. If you reduce your exposure to successful attacks on your machine, then downstream you are helping to protect my machine and those of others.

The following is a brief guide to the basic security issues you should be aware of on the Internet, followed by a guide to some of the steps you can take to secure your computer for Internet usage.

Security risks on the Internet you need to be aware of.

Trojan horse programs

Back door and remote administration programs

Denial of service

Being an intermediary for another attack

Unprotected Windows shares

Mobile code (Java, JavaScript, and ActiveX)

Cross-site scripting

Email spoofing

Email-borne viruses

Hidden file extensions

Chat clients

Packet sniffing

Security Checklist: Actions you can take to protect your computer system.

Don’t open unknown email attachments

Don’t run programs of unknown origin

Disable hidden filename extensions

Keep all applications (including your operating system) patched

Turn off your computer or disconnect from the network when not in use

Disable Java, JavaScript, and ActiveX if possible

Disable scripting features in email programs

Make regular backups of critical data

Make a boot disk in case your computer is damaged or compromised

Turn off file and printer sharing on the computer.

Install a personal firewall on the computer.

Install anti-virus and anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet.

Ensure the anti-virus software scans all e-mail attachments.


Spammers Go Short – Cut Link Lengths

July 8, 2009 · 1 Comment

The presence of shortened URLs in spam has skyrocketed over the past few days and now appears in more than two percent of all spam, according to MessageLabs Intelligence.

With many social networking sites imposing character restrictions on status updates and messages, the use of free URL redirection services, which turn lengthy web addresses into shortened URLs, is increasing in popularity with spammers for a number of reasons.

According to Paul Wood, MessageLabs Intelligence Senior Analyst, Symantec – “There are literally dozens of websites that offer URL shortening services and spammers have realized that using these services eliminates the need to solve a CAPTCHA or register an account.”

“The newly shortened URLs also help cybercriminals disguise the true destination of where their victims will click through to, posing further risks of entering websites used to conduct drive-by malware attacks as well as spam. Donbot, the botnet responsible for sending approximately five billion spam messages every day, is one of the main culprits using this technique. Links of any size all need to be treated with caution.” Since you are a cautious Internet user, you know that, right?


For more information on email security, check out MessageLabs Solutions.


Downadup Worm – Lightning Speed PC Infection

January 17, 2009 · 7 Comments

Nearly nine million PCs worldwide have been infected by the Downadup worm, and the number is set to rise, experts have warned.

Finnish security firm F-Secure said that 8.9 million computers were now infected – a massive rise since four days ago, when 2.4 million PCs had the worm.

The Downadup worm, also known as the Conficker worm, can spread through local area networks, the internet and on removable storage devices, the company warned.

“Downadup has ‘old school’ worm functionality (no user interaction required), the likes of which we haven’t really seen for a while now. It also knows some current tricks,” Sean Sullivan of F-Secure said.

A recent report from rival security firm Secunia revealed that 98 per cent of home PCs were not secure.

For more on this, check out Web User UK, and What’s On My PC by fellow Blogger Rick Robinnette.


Catch the Bad Bots with Free RUBotted from Trend Micro

October 26, 2008 · 24 Comments

Bots, an abbreviation of “robots”, are good. Then again, Bots are bad. So which one of those statements is correct? In fact, both are correct – there are good Bots, and there are bad Bots.

Technology, in most cases, is neutral – it’s how we implement technology that establishes its value, and impacts any ethical questions that surround its use.

Good Bots include special software such as search engine spiders used by companies like Google, Yahoo and others to find links and content on the Internet. The Internet would not be, and could not be, the Internet we have come to know, and depend on, without these specialized Bots.

Bad or malicious Bots, in contrast, are designed to infiltrate computer systems with the objective of “herding”, or consolidating, systems into so-called “Botnets”, whose primary aim is to create a network of compromised computers such as the infamous Storm Botnet (a P2P network), which according to many experts had the power of a supercomputer.

The power of the Storm Botnet was such that it was responsible for 20 per cent of all spam email sent in the first quarter of 2008.

Many security experts believe that Botnets are responsible for approximately 75 per cent of all spam currently in circulation. Heavily promoted products on all of these Botnets tend to be male enlargement drugs, replica watches and sexually explicit material.

The strategy employed by the owners of these Botnets is particularly ingenious, since there’s a strategic crossover with the products being promoted by all five of these Botnets.

Frighteningly, it is accurate to say that these Botnets are getting increasingly larger every day. According to the U.S. Federal Bureau of Investigation, there are at least 1 million Botnetted computers in the U.S.

Worse, some security firms estimate that currently there are as many as 10 million Botnetted machines worldwide. In fact, some researchers believe that this may just be the part of the iceberg we can see above the waterline.

Not surprisingly, such large numbers of infected machines have produced some of the most powerful networked computer systems in the world. It seems sensible to predict that malware and phishing attacks from these Botnets can be expected to increase in frequency.

For your own benefit, it’s obviously important to keep your computer from becoming infected and becoming a part of this problem. Perhaps it’s less obvious that we all share a responsibility to help protect other computer users on the Internet from becoming infected.

The way to do that is to ensure that you are part of the solution; not part of the problem created by running an unsecured machine, (which means installing as many levels of protection as possible), or by engaging in unsafe surfing practices.

To help you keep your computer from being herded into a Botnet, Trend Micro has released a beta of RUBotted, a small program that watches for incoming Bot related traffic, which is worth considering adding to your security toolbox.

Fast facts:

Trend Micro RUBotted (Beta) is a small program that runs on your computer, watching for Bot related activities. RUBotted intelligently monitors your computer’s system behavior for activities that are potentially harmful to both your computer and other people’s computers.

RUBotted monitors for remote command and control (C&C) commands sent from a Bot-herder to control your computer. Additionally, RUBotted watches for an array of potentially malicious Bot-related activities, including mass mailing – a common activity performed by a Bot-infected computer.

RUBotted co-exists with your existing AV software, providing advanced Bot specific behavior monitoring. RUBotted does not rely on frequent, network intensive updates to ensure your computer’s continued protection.

Upon discovering a potential infection, RUBotted prompts you to scan and clean your computer.

Operating System requirements:

Windows 2000 Professional (Latest Service Pack Installed)

Windows XP Professional or Home Edition (Latest Service Pack Installed)

Windows 2003 Server (Latest Service Pack Installed)

Windows Vista (32 Bit with Latest Service Pack Installed)

Note from Trend Micro: RUBotted cannot protect computers running Panda Internet Security 2008.

Download at: Trend Micro
