Category Archives: bots

Valentine’s “Love” In Your Inbox – Could Be Malware On Your Computer.

Valentine’s Day will be on us before we know it – so, it’s not too early to get ready for the deluge of “I love you”, “Wish you were mine”…, and of course, the customary – “Happy Valentine’s Day” emails.

Hopefully, you will have a Happy Valentine’s Day – but, that happy feeling could be ruined, if you fall victim to the explosion of “spam and scam” that’s aimed at lovers, this time of year – every year. Much of it is designed to take a swing at unsuspecting users’ machines – leading to a malware infection.

In previous years, starting just about this time, we saw abnormally high rates of this type of spam and, since cyber crooks are opportunity driven, we’ll see much more of this type of cybercriminal activity this year, I expect.

Perhaps you’re a very cool person whose significant other is always sending you neat little packages in your email. MP3 files, screensavers, cartoons, YouTube videos, and the like. Could be – you get them so often, that you just automatically click on the email attachment without even thinking. If you are this type of person, here’s a word of advice – start thinking.

The hook, as it always is in this type of socially engineered email scam, is crafted around exploiting emotions. We’re all pretty curious creatures and, let’s face it, who doesn’t like surprises. I think it’s safe to say, we all find it difficult, if not impossible, to not peek at love notes received via email.

The unfortunate truth is, these spam emails often contain links that deliver advertisements, or worse – redirect the victim to an unsafe site from which malware can be installed on the victim’s computer.

Here’s a tip – If you see something along the lines of – This email contains graphics, so if you don’t see them, view it in your browser – consider very carefully – before you click on the link.

A couple of years ago, a friend, who is an astute and aware computer user, fell for one of these carefully crafted teasing emails. On opening the email, he was taken to a site which had pictures of hearts and puppies, and was then asked to choose which one was for him. You’ll notice that “choosing” involved opening an executable file – a cardinal sin.


Fortunately, he got his geek on in time – common sense prevailed, and he backed out of this site. If he had clicked on this executable file, he would have begun the process of infecting his machine with a Trojan. A Trojan which, in this case, connected to a remote command and control site – (effectively, turning over control of his computer to a cybercriminal). Nasty – I think you’ll agree.

Experienced users are on guard year round for these, and other types of scam/spam email.

You know what to do; right?

Don’t open emails that come from untrusted sources.

Don’t run files that you receive via email without making sure of their origin.

Don’t click links in emails. If they come from a known source, type them on the browser’s address bar.

If they come from an untrusted source, simply ignore them, as they could take you to a web site designed to download malware onto your computer.

Cyber crooks have moved on from using just emails, as a malware delivery vehicle. So, be on the lookout for fraudulent Valentine’s Day greetings in:

Instant Messenger applications.

Twitter.

Facebook.

Chat forums, and so on.

This just in @ 11:56

Uzbekistan Government Cancels Valentine’s Day

That settles it – I’m not giving any Uzbek women my love in protest. Sorry ladies.   🙂


March 2011 MessageLabs Intelligence Report – Rustock Goes Down, Bagle Botnet Picks Up The Slack

There’s been much more discussion recently as to whether infected computers should be allowed unrestricted access to the Internet. Despite the fact we’ve been around the horn on this question for years, there’s still little consensus on this thorny issue.

Since infected computers, linked together in botnets, form the backbone of spam distribution networks – according to the March 2011 MessageLabs Intelligence Report, botnets sent an average of 88.2% of global spam during 2010 – this question needs to be taken off the back burner and dealt with much more aggressively.

Frankly, I’m tired of making excuses for people who are too damn lazy, too damn stupid, too damn inconsiderate … to take the time to learn the basics of computer security, and who, as a consequence, cause me, and you incidentally, to have to deal with volumes of spam that are beyond the pale.

Graphic courtesy of Symantec.

According to the March 2011 MessageLabs Intelligence Report (released yesterday), the recently taken down Rustock botnet “had been sending as many as 13.82 billion spam emails daily, accounting for an average of 28.5% of global spam sent from all botnets in March.”

A little math suggests that, during March, enough spam was emailed that, conceivably, every person on the Planet received 7 spam emails EVERY DAY! Since every person on the Planet is not connected, the abuse takes on another magnitude. I can’t think of another finite resource – and the Internet is a finite resource – that could be continuously abused in this way, without some kind of strong kickback.

Are we making any headway against botnets and the cyber criminals behind them? Not according to the MessageLabs Intelligence Report we’re not. Sure, Rustock has bitten the dust (at least for the moment), but the Bagle botnet has stepped into the breach, bumped up its output, and is now sending 8.31 billion spam emails each day, mostly tied to pharmaceutical products.

Report highlights:

Spam: In March 2011, the global ratio of spam in email traffic from new and previously unknown bad sources decreased by 2 percent (1 in 1.26 emails).

Viruses: The global ratio of email-borne viruses in email traffic from new and previously unknown bad sources was one in 208.9 emails (0.479 percent) in March, an increase of .134 percentage points since February. In March, 63.4 percent of email-borne malware contained links to malicious websites, a decrease of .1 percentage points since February.

Endpoint Threats: The endpoint is often the last line of defense and analysis. The threats found here can shed light on the wider nature of threats confronting businesses, especially from blended attacks. Attacks reaching the endpoint are likely to have already circumvented other layers of protection that may already be deployed, such as gateway filtering.

Phishing: In March, phishing activity was 1 in 252.5 emails (0.396 percent), a decrease of 0.065 percentage points since February.

Web security: Analysis of web security activity shows that an average of 2,973 websites each day were harbouring malware and other potentially unwanted programs including spyware and adware, a decrease of 27.5% since February. 37 percent of malicious domains blocked were new in March, a decrease of 1.9 percentage points since February. Additionally, 24.5 percent of all web-based malware blocked was new in March, a decrease of 4.2 percentage points since last month.

Reading this type of report (or at least the highlights) is certainly educational, and can be a major step in expanding that sense of threat awareness that active Internet users require.

The full MLI Report is available here in PDF.

Symantec’s MessageLabs Intelligence is a respected source of data and analysis for messaging security issues, trends and statistics. MessageLabs Intelligence provides a range of information on global security threats based on live data feeds from control towers around the world scanning billions of messages each week.

About Symantec:

Symantec is a global leader in providing security, storage and systems management solutions to help consumers and organizations secure and manage their information-driven world. Our software and services protect against more risks at more points, more completely and efficiently, enabling confidence wherever information is used or stored. More information is available at www.symantec.com.


News From Symantec Hosted Services


We know, only too well, that cyber criminals take advantage of every opportunity that new and emerging technologies provide to expand their trade – data theft.

So, with the huge adoption rate in smart mobile devices, and our increased reliance on these devices (which are literally powerful computers), there is a more pronounced sense of urgency to protect the data stored on these sophisticated mobile devices from the threat of cybercrime.

Symantec Hosted Services, recognizing this need, recently announced enhancements to its MessageLabs Web Security Service roaming support options, that will allow organizations to further support the security needs of their mobile workforce.

According to Symantec – “The new enhancements will monitor and secure the online activity of a highly distributed workforce.  Drawing on findings from the recent MessageLabs Intelligence report highlighting the inappropriate web usage of mobile workers, SmartConnect and RemoteConnect for MessageLabs Hosted Web Security protect against malware, and enforces Web acceptable use policies for teleworkers, or employees, at remote offices.”

____________________________________________________

If you’ve noticed a significant drop in Spam in your inboxes lately, like I have, there’s good reason – according to Symantec Hosted Services.

On Sunday, October 3, Symantec Hosted Services noticed that global spam levels dropped to their lowest in a while. Symantec Hosted Services believes this drop was due to a decrease in output by the Rustock and Cutwail botnets.

For additional insight on how Symantec Hosted Services tracked last weekend’s spam drop via sophisticated botnet intelligence, what contribution to global spam each of the major botnets makes, and what factors influence botnet output, check out the MessageLabs  Intelligence blog report here.


An Interview With An Anarchist Hacker

We’ve reported on the issue of software piracy, and the theft of intellectual property, a number of times. So, it’s easy for me to sum up my position on this contentious matter – there is no justifiable reason to steal software, or the work of others. It is piracy, and it is a CRIME.

The recently released Seventh Annual BSA and IDC Global Software Piracy Study made the point that “for every $100 worth of legitimate software sold, an additional $75 worth of unlicensed software made its way onto the market.”

Selected findings from this study include:

Commercial value of software theft exceeds $50 billion: the commercial value of unlicensed software put into the market in 2009 totaled $51.4 billion.

Progress on piracy held through the recession: the rate of PC software piracy dropped in nearly half (49%) of the 111 economies studied, remained the same in 34% and rose in 17%.

Piracy continues to rise on a global basis: the worldwide piracy rate increased from 41% in 2008 to 43% in 2009; largely a result of exponential growth in the PC and software markets in higher piracy, fast growing markets such as Brazil, India and China.

It’s obvious then, that intellectual property theft is “big business”, and is unlikely to disappear any time soon. Currently in fact, there is a huge pushback campaign being waged against those organizations who support anti-piracy.

According to PandaLabs, the malware research arm of Panda Security, there is an ongoing offensive, appropriately called “Operation Payback”, which is employing targeted DDoS attacks against various companies and agencies, including the Motion Picture Association of America, and the Recording Industry Association of America, who support the anti-piracy lobby.

The question is – is there support out in the hinterland for this sort of hacking effort? If the following comment, which I picked up on a comment forum, is any indication, the answer is a resounding – YES.

“Big Media is reaping what they sowed and so it’s hard to find any sympathy for them or any fault in those who have found a way to fight back for much of the highly questionable actions these conglomerates and their law firms have taken these past few years.

The fact that they are unwilling to see how realistic this threat is to them just shows how arrogant or incompetent they are. While they won’t be getting help from me, these grass roots strike back at big media campaigns will find far more support and help on their end than what Big media could ever hope to buy.”

So, how and why, do those who are responsible for “Operation Payback” justify a criminal cyber attack against organizations whose mission is to enforce existing intellectual property rights?

Sean-Paul Correll, a threat researcher with Panda Security, in speaking with some of the organizers of  “Operation Payback” in a Q&A session, has discovered some surprising answers.

Here’s a small taste of Sean-Paul’s Q&A session –

If you were able to resolve this situation, what would you want the respective media authorities of the world to do?

A: Personally, I would want them to basically go the fuck away altogether. Remove the barbaric laws they have lobbied for. Treat people like PEOPLE instead of criminals. Their long outdated traditional views on copyright infringement enforced solely by rich and powerful corporations need to be modified in light of the modern age on the Internet, the Information Age.

Sean-Paul’s full Q&A session makes interesting reading and is available here.


Idaho, Alabama, and South Carolina, You’re in the Spam Bulls Eye

If you live in Idaho, Alabama, or South Carolina, then Symantec Hosted Services, in its just released annual MessageLabs Intelligence special report ranking the most spammed U.S. states and territories, has bad news for you – you’re at the top of the target list for spam in the US.

The report reveals that these three US states are targeted more often by spammers, leading to spam rates above the national US average of 89.3%. The report doesn’t offer an analysis as to why these three states are at the top of the pile, but I’m certainly curious.

Here’s a recap of the report:

Most spammed states/territories: The top spammed U.S. states are Idaho, Alabama, and South Carolina, with spam rates above 93 percent, well over the national average of 89.3 percent. These are followed by Indiana, Tennessee, Illinois, Utah, Washington, New Hampshire and North Carolina. Idaho tops the list for the second year in a row as the state/territory with the most spam.

Least spammed states/territories: The least spammed states/territories are Puerto Rico, Montana and Louisiana. Puerto Rico returns as the least spammed for the second consecutive year.

Most spammed U.S. industries: In the U.S., the most spammed industries are engineering, automotive and construction while the least spammed are finance, admin/business support services and public sector.

SMBs receive more spam than enterprises: Areas with greater populations of small-to-medium sized businesses (SMBs) are likely to receive the greatest proportion of spam. Similarly, the least spammed areas are often home to some of the largest companies.

In the report, MessageLabs Intelligence Senior Analyst, Paul Wood, had this to say on the true cost of spam –  “Spam isn’t just a simple annoyance to businesses, but a real threat that can consume resources and put valuable information at risk regardless of location …… even the most intricate scams are now widespread and the sheer size and power of today’s botnets are making possible what was once unthinkable.”

The MessageLabs Intelligence Report provides greater detail on all of the trends and figures noted above, as well as more detailed  global analysis, and tips on how to stamp out spam. The full report is available here.


Storm Botnet Bounces Back

“You can’t keep a good man down”, is an old expression that’s familiar to many of us. It seems we could coin a new expression along the same lines – “You can’t keep a bad botnet down”.

Just when you think you’ve knocked them down for good, cyber criminal enterprises seem to magically reappear, and that old familiar spamming botnet, Storm, has raised its ugly head once more.

In a previous article here, Symantec Rubs the 2010 Malware Crystal Ball, in November, 2009, Symantec projected that this reemergence was likely to occur, so Kudos to Symantec – you called this one.


(Graphic courtesy of Mathew Nisbet, Malware Data Analyst, Symantec Hosted Services).

According to Symantec’s MessageLabs Intelligence, they “first saw this new variant of the botnet start spamming on 30 April…. containing links to web pages hosting the well known Canadian Pharmacy site”.


(Graphic courtesy of Mathew Nisbet, Malware Data Analyst, Symantec Hosted Services).

Typically, the emails are short and sweet –

Get all the medications you want online!
Disappointed with your bad performance in bed?
great offers to spice it up in bed..
need some help in the bed?
its time to spice up the bed
Safest and approved method of male enhancing have a easier time making her…
Have long strong night in BED!
Get your favorite rxmedications here!
Win from benefits of hidden secret of pornstars!

For more information on this reemerging threat, check out The Return of Storm, on Symantec’s site.


Is It Paranoia If They’re REALLY After You On The Internet?

By chance, I met a very interesting cab driver this past weekend; one who was extremely computer competent, and far more security conscious than the typical computer user I normally meet informally.

What struck me immediately, was Mike’s sense of computer paranoia, particularly surrounding his use of his computer on the Internet, which extended to the installation of software from download sites, and even included a reluctance to install software obtained from “friends”.

Is Mike’s paranoia justified, do you think?

Before you decide, consider the following news items – just some of the malware-related content I posted to my Tech Net News column in the past week.

For Sale: Thousands Of Hacked Twitter Accounts – Russian cybercriminal forums offer batches of 1,000 hacked accounts for less than $200.

Poisoned PDFs? Here’s Your Antidote – Attacks employing poisoned PDF files have leaped to the top of the threat list, according to statistics from major security companies. We’ll show you how to stay safe.

Bugnets Could Spy on You via Mobile Devices – New botnets designed for mobile gear may allow remote attackers to see and hear their potential victims, no matter where they are.

WARNING: Facebook Malware Attack Behind Distracting Beach Babes Video – A Facebook malware attack is on the loose this weekend, enticing users to click a “Distracting Beach Babes” video on their Facebook Walls. If you see this video on Facebook today, do not click the link: Doing so, and downloading a linked file, will result in malware being installed on your computer.

Fake joke worm wriggles through Facebook – Shifty sorts have created a new worm which spread rapidly on Facebook on Friday. The malware, for now at least, does nothing more malicious than posting a message on an infected user’s Facebook wall that point to a site called fbhole.com. Nonetheless, the speed of its spread on the social networking site has net security experts worried.

New Twitter Worm Abuses iPhone App – The attack abuses Twitter trending topics — a popular source of abuse — but with a twist: Rather than installing fake antivirus software like most similar attacks, it installs a new banking Trojan that steals online banking accounts, credit card PIN numbers, and online payment system passwords, according to Kaspersky Lab.

Hackers Using the Final Episode Of “Lost” To Spread The MySecurityEngine Fake Antivirus – PandaLabs, Panda Security’s antimalware laboratory, has in the last few hours, detected the proliferation in search engines of numerous Web pages distributing the MySecurityEngine fake antivirus. The ‘bait’ used in this case has been the much anticipated final episode of the popular ABC series “Lost.”

Fake Amazon emails contain Trojan – Emails that seem to come from Amazon, confirming an order has been received and that goods have been dispatched, could contain a Trojan.

Research: 1.3 Million Malicious Ads Viewed Daily – The true extent of the malvertizing scourge became much clearer this week with the release of new research by Dasient which shows that about 1.3 million malicious ads are being viewed online everyday, most pushing drive-by downloads and fake security software.

Build-A-Botnet Kits Let Anyone Steal Data – At the recent Cisco Networks Solution Forum held in Toronto, a Cisco product manager stated, “You don’t need to be tech savvy” to steal data. It’s a sad but true reality that isn’t much of an eye opener for many of us who watch users get their accounts compromised day in and day out due to social engineering and malware.

Facebook Users Warned of Sexy ‘Candid Camera Prank’ Attack – Security firms warn of a new Facebook attack tricking users into downloading a video player that’s actually adware, and maybe worse.

Worst Phishing Pest May be Revving Up – The single most active group for stealing identities and pilfering electronic bank accounts over the Internet has nearly ground to a halt, but the lull could be the precursor to an even worse crime spree, according to a new study.

So, is it paranoia if they really are after you? Well I can assure you, if you are connected to the Internet, and if the news items listed above are any indication (and they are) – they really are after you!

So, is it time for you to develop a case of healthy paranoia while surfing the Internet, and to stay actively aware of current threats to your personal and computer security?
