Category Archives: bots

Valentine’s “Love” In Your Inbox – Could Be Malware On Your Computer.

Valentine’s Day will be on us before we know it – so, it’s not too early to get ready for the deluge of “I love you”, “Wish you were mine”…, and of course, the customary – “Happy Valentine’s Day” emails.

Hopefully, you will have a Happy Valentine’s Day – but, that happy feeling could be ruined, if you fall victim to the explosion of “spam and scam” that’s aimed at lovers, this time of year – every year. Much of it is designed to take a swing at unsuspecting users’ machines – leading to a malware infection.

In previous years, starting just about this time, we saw abnormally high rates of this type of spam and, since cyber crooks are opportunity driven, we’ll see much more of this type of cybercriminal activity this year, I expect.

Perhaps you’re a very cool person whose significant other is always sending you neat little packages in your email. MP3 files, screensavers, cartoons, YouTube videos, and the like. Could be – you get them so often, that you just automatically click on the email attachment without even thinking. If you are this type of person, here’s a word of advice – start thinking.

The hook, as it always is in this type of socially engineered email scam, is crafted around exploiting emotions. We’re all pretty curious creatures and, let’s face it, who doesn’t like surprises. I think it’s safe to say, we all find it difficult, if not impossible, to not peek at love notes received via email.

The unfortunate truth is, these spam emails often contain links that deliver advertisements, or worse – redirect the victim to an unsafe site from which malware can be installed on the victim’s computer.

Here’s a tip – If you see something along the lines of – This email contains graphics, so if you don’t see them, view it in your browser – consider very carefully – before you click on the link.

A couple of years ago, a friend, who is an astute and aware computer user, fell for one of these carefully crafted teasing emails. On opening the email, he was taken to a site which had pictures of hearts and puppies, and was then asked to choose which one was for him. You’ll notice that “choosing” involved opening an executable file – a cardinal sin.

Fortunately, he got his geek on in time – common sense prevailed, and he backed out of this site. If he had clicked on this executable file, he would have begun the process of infecting his machine with a Trojan. A Trojan which, in this case, connected to a remote command and control site – (effectively, turning over control of his computer to a cybercriminal). Nasty – I think you’ll agree.

Experienced users are on guard year round for these, and other types of scam/spam email.

You know what to do; right?

Don’t open emails that come from untrusted sources.

Don’t run files that you receive via email without making sure of their origin.

Don’t click links in emails. If they come from a known source, type them on the browser’s address bar.

If they come from an untrusted source, simply ignore them, as they could take you to a web site designed to download malware onto your computer.

Cyber crooks have moved on from using just emails, as a malware delivery vehicle. So, be on the lookout for fraudulent Valentine’s Day greetings in:

Instant Messenger applications.

Twitter.

Facebook.

Chat forums, and so on.

This just in @ 11:56

Uzbekistan Government Cancels Valentine’s Day

That settles it – I’m not giving any Uzbek women my love in protest. Sorry ladies.   🙂


March 2011 MessageLabs Intelligence Report – Rustock Goes Down, Bagle Botnet Picks Up The Slack

There’s been much more discussion recently as to whether infected computers should be allowed unrestricted access to the Internet. Despite the fact we’ve been around the horn on this question for years, there’s still little consensus on this thorny issue.

Since infected computers, linked together in botnets, form the backbone of spam distribution networks – according to the March 2011 MessageLabs Intelligence Report, botnets sent an average of 88.2% of global spam during 2010 – this question needs to be taken off the back burner and dealt with much more aggressively.

Frankly, I’m tired of making excuses for people who are too damn lazy, too damn stupid, too damn inconsiderate… to take the time to learn the basics of computer security. And, as a consequence, cause me, and you incidentally, to have to deal with volumes of spam that are beyond the pale.

(Graphic courtesy of Symantec)

According to the March 2011 MessageLabs Intelligence Report (released yesterday), the recently taken down Rustock botnet “had been sending as many as 13.82 billion spam emails daily, accounting for an average of 28.5% of global spam sent from all botnets in March.”

A little math suggests that, during March, enough spam was emailed that, conceivably, every person on the Planet received 7 spam emails EVERY DAY! Since not every person on the Planet is connected, the abuse takes on another magnitude. I can’t think of another finite resource – and the Internet is a finite resource – that could be continuously abused in this way, without some kind of strong kickback.

Are we making any headway against botnets and the cyber criminals behind them? Not according to the MessageLabs Intelligence Report we’re not. Sure, Rustock has bitten the dust (at least for the moment), but the Bagle botnet has stepped into the breach, bumped up its output, and is now sending 8.31 billion spam emails each day, mostly tied to pharmaceutical products.

Report highlights:

Spam: In March 2011, the global ratio of spam in email traffic from new and previously unknown bad sources decreased by 2 percent (1 in 1.26 emails).

Viruses: The global ratio of email-borne viruses in email traffic from new and previously unknown bad sources was one in 208.9 emails (0.479 percent) in March, an increase of .134 percentage points since February. In March, 63.4 percent of email-borne malware contained links to malicious websites, a decrease of .1 percentage points since February.

Endpoint Threats: The endpoint is often the last line of defense and analysis. The threats found here can shed light on the wider nature of threats confronting businesses, especially from blended attacks. Attacks reaching the endpoint are likely to have already circumvented other layers of protection that may already be deployed, such as gateway filtering.

Phishing: In March, phishing activity was 1 in 252.5 emails (0.396 percent), a decrease of 0.065 percentage points since February.

Web security: Analysis of web security activity shows that an average of 2,973 websites each day were harbouring malware and other potentially unwanted programs including spyware and adware, a decrease of 27.5% since February. 37 percent of malicious domains blocked were new in March, a decrease of 1.9 percentage points since February. Additionally, 24.5 percent of all web-based malware blocked was new in March, a decrease of 4.2 percentage points since last month.

Reading this type of report (or at least the highlights) is certainly educational, and can be a major step in expanding that sense of threat awareness that active Internet users require.

The full MLI Report is available here in PDF.

Symantec’s MessageLabs Intelligence is a respected source of data and analysis for messaging security issues, trends and statistics. MessageLabs Intelligence provides a range of information on global security threats based on live data feeds from control towers around the world scanning billions of messages each week.

About Symantec:

Symantec is a global leader in providing security, storage and systems management solutions to help consumers and organizations secure and manage their information-driven world. Our software and services protect against more risks at more points, more completely and efficiently, enabling confidence wherever information is used or stored. More information is available at www.symantec.com.


News From Symantec Hosted Services

We know, only too well, that cyber criminals take advantage of every opportunity that new and emerging technologies provide to expand their trade – data theft.

So, with the huge adoption rate in smart mobile devices, and our increased reliance on these devices (which are literally powerful computers), there is a more pronounced sense of urgency to protect the data stored on these sophisticated mobile devices from the threat of cybercrime.

Symantec Hosted Services, recognizing this need, recently announced enhancements to its MessageLabs Web Security Service roaming support options, that will allow organizations to further support the security needs of their mobile workforce.

According to Symantec – “The new enhancements will monitor and secure the online activity of a highly distributed workforce.  Drawing on findings from the recent MessageLabs Intelligence report highlighting the inappropriate web usage of mobile workers, SmartConnect and RemoteConnect for MessageLabs Hosted Web Security protect against malware, and enforces Web acceptable use policies for teleworkers, or employees, at remote offices.”

____________________________________________________

If you’ve noticed a significant drop in Spam in your inboxes lately, like I have, there’s good reason – according to Symantec Hosted Services.

On Sunday, October 3, Symantec Hosted Services noticed that global spam levels dropped to their lowest in a while. Symantec Hosted Services believes this drop was due to a decrease in output by the Rustock and Cutwail botnets.

For additional insight on how Symantec Hosted Services tracked last weekend’s spam drop via sophisticated botnet intelligence, what contribution to global spam each of the major botnets makes, and what factors influence botnet output, check out the MessageLabs  Intelligence blog report here.


An Interview With An Anarchist Hacker

We’ve reported on the issue of software piracy, and the theft of intellectual property, a number of times. So, it’s easy for me to sum up my position on this contentious matter – there is no justifiable reason to steal software, or the work of others. It is piracy, and it is a CRIME.

The recently released Seventh Annual BSA and IDC Global Software Piracy Study, made the point that “for every $100 worth of legitimate software sold, an additional $75 worth of unlicensed software made its way onto the market.”

Selected findings from this study include:

Commercial value of software theft exceeds $50 billion: the commercial value of unlicensed software put into the market in 2009 totaled $51.4 billion.

Progress on piracy held through the recession: the rate of PC software piracy dropped in nearly half (49%) of the 111 economies studied, remained the same in 34% and rose in 17%.

Piracy continues to rise on a global basis: the worldwide piracy rate increased from 41% in 2008 to 43% in 2009; largely a result of exponential growth in the PC and software markets in higher piracy, fast growing markets such as Brazil, India and China.

It’s obvious then, that intellectual property theft is “big business”, and is unlikely to disappear any time soon. Currently in fact, there is a huge pushback campaign being waged against those organizations who support anti-piracy.

According to PandaLabs, the malware research arm of Panda Security, there is an ongoing offensive, appropriately called “Operation Payback”, which is employing targeted DDoS attacks against various companies and agencies, including the Motion Picture Association of America, and the Recording Industry Association of America, who support the anti-piracy lobby.

The question is – is there support out in the hinterland for this sort of hacking effort? If the following comment, which I picked up on a comment forum, is any indication, the answer is a resounding – YES.

“Big Media is reaping what they sowed and so it’s hard to find any sympathy for them or any fault in those who have found a way to fight back for much of the highly questionable actions these conglomerates and their law firms have taken these past few years.

The fact that they are unwilling to see how realistic this threat is to them just shows how arrogant or incompetent they are. While they won’t be getting help from me, these grass roots strike back at big media campaigns will find far more support and help on their end than what Big media could ever hope to buy.”

So, how and why, do those who are responsible for “Operation Payback” justify a criminal cyber attack against organizations whose mission is to enforce existing intellectual property rights?

Sean-Paul Correll, a threat researcher with Panda Security, in speaking with some of the organizers of  “Operation Payback” in a Q&A session, has discovered some surprising answers.

Here’s a small taste of Sean-Paul’s Q&A session –

If you were able to resolve this situation, what would you want the respective media authorities of the world to do?

A: Personally, I would want them to basically go the fuck away altogether. Remove the barbaric laws they have lobbied for. Treat people like PEOPLE instead of criminals. Their long outdated traditional views on copyright infringement enforced solely by rich and powerful corporations need to be modified in light of the modern age on the Internet, the Information Age.

Sean-Paul’s full Q&A session makes interesting reading and is available here.


Idaho, Alabama, and South Carolina, You’re in the Spam Bulls Eye

If you live in Idaho, Alabama, or South Carolina, then Symantec Hosted Services, in its just released annual MessageLabs Intelligence special report ranking the most spammed U.S. states and territories, has bad news for you – you’re at the top of the target list for spam in the US.

The report reveals that these three US states are targeted more often by spammers, leading to spam rates above the national US average of 89.3%. The report doesn’t offer an analysis as to why these three states are at the top of the pile, but I’m certainly curious.

Here’s a recap of the report:

Most spammed states/territories: The top spammed U.S. states are Idaho, Alabama, and South Carolina, with spam rates above 93 percent, well over the national average of 89.3 percent. These are followed by Indiana, Tennessee, Illinois, Utah, Washington, New Hampshire and North Carolina. Idaho tops the list for the second year in a row as the state/territory with the most spam.

Least spammed states/territories: The least spammed states/territories are Puerto Rico, Montana and Louisiana. Puerto Rico returns as the least spammed for the second consecutive year.

Most spammed U.S. industries: In the U.S., the most spammed industries are engineering, automotive and construction while the least spammed are finance, admin/business support services and public sector.

SMBs receive more spam than enterprises: Areas with greater populations of small-to-medium sized businesses (SMBs) are likely to receive the greatest proportion of spam. Similarly, the least spammed areas are often home to some of the largest companies.

In the report, MessageLabs Intelligence Senior Analyst, Paul Wood, had this to say on the true cost of spam –  “Spam isn’t just a simple annoyance to businesses, but a real threat that can consume resources and put valuable information at risk regardless of location …… even the most intricate scams are now widespread and the sheer size and power of today’s botnets are making possible what was once unthinkable.”

The MessageLabs Intelligence Report provides greater detail on all of the trends and figures noted above, as well as more detailed  global analysis, and tips on how to stamp out spam. The full report is available here.


Storm Botnet Bounces Back

“You can’t keep a good man down”, is an old expression that’s familiar to many of us. It seems we could coin a new expression along the same lines – “You can’t keep a bad botnet down”.

Just when you think you’ve knocked them down for good, cyber criminal enterprises seem to magically reappear, and that old familiar spamming botnet, Storm, has raised its ugly head once more.

In a previous article here, Symantec Rubs the 2010 Malware Crystal Ball, in November, 2009, Symantec projected that this reemergence was likely to occur, so Kudos to Symantec – you called this one.

(Graphic courtesy of Mathew Nisbet, Malware Data Analyst, Symantec Hosted Services).

According to Symantec’s MessageLabs Intelligence, they “first saw this new variant of the botnet start spamming on 30 April…. containing links to web pages hosting the well known Canadian Pharmacy site”.

(Graphic courtesy of Mathew Nisbet, Malware Data Analyst, Symantec Hosted Services).

Typically, the emails are short and sweet –

Get all the medications you want online!
Disappointed with your bad performance in bed?
great offers to spice it up in bed..
need some help in the bed?
its time to spice up the bed
Safest and approved method of male enhancing have a easier time making her…
Have long strong night in BED!
Get your favorite rxmedications here!
Win from benefits of hidden secret of pornstars!

For more information on this reemerging threat, check out The Return of Storm, on Symantec’s site.


Is It Paranoia If They’re REALLY After You On The Internet?

By chance, I met a very interesting cab driver this past weekend; one who was extremely computer competent, and far more security conscious than the typical computer user I normally meet informally.

What struck me immediately, was Mike’s sense of computer paranoia, particularly surrounding his use of his computer on the Internet, which extended to the installation of software from download sites, and even included a reluctance to install software obtained from “friends”.

Is Mike’s paranoia justified, do you think?

Before you decide, consider the following news items – just some of the malware-related content I posted to my Tech Net News column in the past week.

For Sale: Thousands Of Hacked Twitter Accounts – Russian cybercriminal forums offer batches of 1,000 hacked accounts for less than $200.

Poisoned PDFs? Here’s Your Antidote – Attacks employing poisoned PDF files have leaped to the top of the threat list, according to statistics from major security companies. We’ll show you how to stay safe.

Bugnets Could Spy on You via Mobile Devices – New botnets designed for mobile gear may allow remote attackers to see and hear their potential victims, no matter where they are.

WARNING: Facebook Malware Attack Behind Distracting Beach Babes Video – A Facebook malware attack is on the loose this weekend, enticing users to click a “Distracting Beach Babes” video on their Facebook Walls. If you see this video on Facebook today, do not click the link: Doing so, and downloading a linked file, will result in malware being installed on your computer.

Fake joke worm wriggles through Facebook – Shifty sorts have created a new worm which spread rapidly on Facebook on Friday. The malware, for now at least, does nothing more malicious than posting a message on an infected user’s Facebook wall that point to a site called fbhole.com. Nonetheless, the speed of its spread on the social networking site has net security experts worried.

New Twitter Worm Abuses iPhone App – The attack abuses Twitter trending topics — a popular source of abuse — but with a twist: Rather than installing fake antivirus software like most similar attacks, it installs a new banking Trojan that steals online banking accounts, credit card PIN numbers, and online payment system passwords, according to Kaspersky Lab.

Hackers Using the Final Episode Of “Lost” To Spread The MySecurityEngine Fake Antivirus – PandaLabs, Panda Security’s antimalware laboratory, has in the last few hours, detected the proliferation in search engines of numerous Web pages distributing the MySecurityEngine fake antivirus. The ‘bait’ used in this case has been the much anticipated final episode of the popular ABC series “Lost.”

Fake Amazon emails contain Trojan – Emails that seem to come from Amazon, confirming an order has been received and that goods have been dispatched, could contain a Trojan.

Research: 1.3 Million Malicious Ads Viewed Daily – The true extent of the malvertizing scourge became much clearer this week with the release of new research by Dasient which shows that about 1.3 million malicious ads are being viewed online everyday, most pushing drive-by downloads and fake security software.

Build-A-Botnet Kits Let Anyone Steal Data – At the recent Cisco Networks Solution Forum held in Toronto, a Cisco product manager stated, “You don’t need to be tech savvy” to steal data. It’s a sad but true reality that isn’t much of an eye opener for many of us who watch users get their accounts compromised day in and day out due to social engineering and malware.

Facebook Users Warned of Sexy ‘Candid Camera Prank’ Attack – Security firms warn of a new Facebook attack tricking users into downloading a video player that’s actually adware, and maybe worse.

Worst Phishing Pest May be Revving Up – The single most active group for stealing identities and pilfering electronic bank accounts over the Internet has nearly ground to a halt, but the lull could be the precursor to an even worse crime spree, according to a new study.

So, is it paranoia if they really are after you? Well I can assure you, if you are connected to the Internet, and if the news items listed above are any indication (and they are) – they really are after you!

So, is it time for you to develop a case of healthy paranoia while surfing the Internet, and to stay actively aware of current threats to your personal and computer security?


Rustock Botnet Eclipses Cutwail As the Biggest Botnet

When you run a business, market position needs to be foremost in your mind – you can’t let the competition get one step ahead.

Spam is a business, just like any other business, and the strategies and tactics that apply to legitimate business apply equally to an illegal business like Spam.

Technical sophistication, in terms of both creativity and delivery techniques, continues to improve in the Spam marketplace, motivated of course, by the cyber criminals’ need to generate increasing opportunity for financial gain and identity theft.

MessageLabs April 2010 Intelligence Report indicates there has been some jockeying for position in the Spam Botnet marketplace, where the Rustock Botnet has now surpassed Cutwail as the biggest botnet, both in terms of the amount of spam it sends, and the amount of active bots under its control. Rustock is now responsible for 32.8 percent of all spam.

So, what does this mean to you, and me, in terms of risk? As an indication of the substantial risk we continue to face from Spam, MessageLabs Intelligence reports in their April 2010 release, that they intercepted 36,208 unique strains of Spam delivered malware during the month, which translates into 1 in every 287 emails packed with a virus.

Being aware of the shape of the Internet landscape, and the changes that are occurring, or may occur in that landscape, now, more than ever, is a necessity – a prerequisite to protecting yourself and your computer from cybercriminal attack. Forewarned is forearmed, needs to be your guiding light – appropriate knowledge will act as your shield.

Symantec’s latest MessageLabs Intelligence Report is scary stuff, and I encourage you to read this report which will give you some indication of where we’re likely headed, and what we’ll have to deal with.

MessageLabs Intelligence report highlights:

Spam: In April 2010, the global ratio of spam in email traffic from new and previously unknown bad sources was 89.9 percent (1 in 1.11 emails), a decrease of 0.8 percentage points since March.

Viruses: The global ratio of email-borne viruses in email traffic from new and previously unknown bad sources was one in 340.7 emails (0.294 percent) in April, an increase of 0.01 percentage points since March. In April 28.9 percent of email-borne malware contained links to malicious websites, an increase of 12.1 percentage points since March.

Phishing: In April, phishing activity was 1 in 455.2 emails (0.219 percent) an increase of 0.03 percentage points since March. When judged as a proportion of all email-borne threats such as viruses and Trojans, the proportion of phishing emails had increased by 5.7 percentage points to 70.3 percent of all email-borne threats.

Web security: Analysis of web security activity shows that 10.9 percent of all web-based malware intercepted was new in April, a decrease of 4.0 percentage points since March. MessageLabs Intelligence also identified an average of 1,675 new websites per day harboring malware and other potentially unwanted programs such as spyware and adware, a decrease of 12.7 percent since March.

Geographical Trends:

· Spam levels in Italy rose to 95.5 percent in April positioning it as the most spammed country.

· In the US, 90.2 percent of email was spam and 88.9 percent in Canada. Spam levels in the UK rose to 89.4 percent.

· In the Netherlands, spam accounted for 91.5 percent of email traffic, while spam levels reached 89.4 percent in Australia and 92.3 percent in Germany.

· Spam levels in Hong Kong reached 91.0 percent and spam levels in Japan were at 86.9 percent.

· Virus activity in Taiwan was 1 in 76.3 emails, keeping it as the most targeted country for email-borne malware in April.

· Virus levels for the US were 1 in 646.3 and 1 in 416.2 for Canada. In Germany, virus levels were 1 in 471.0, 1 in 1,120.0 for the Netherlands, 1 in 416.5 for Australia, 1 in 501.0 for Hong Kong, 1 in 1,161.0 for Japan and 1 in 613.0 for Singapore.

· UK remained the most active country for phishing attacks in April with 1 in 199.7 emails.

Vertical Trends:

· In April, the most spammed industry sector with a spam rate of 94.9 percent remained the Engineering sector.

· Spam levels for the Education sector were 91.1 percent, 90.2 percent for the Chemical & Pharmaceutical sector, 90.7 percent for IT Services, 90.9 percent for Retail, 88.4 percent for Public Sector and 88.4 percent for Finance.

· In April, the Public Sector remained the most targeted industry for malware with 1 in 99.1 emails being blocked as malicious.

· Virus levels for the Chemical & Pharmaceutical sector were 1 in 438.2, 1 in 487.5 for the IT Services sector, 1 in 600.2 for Retail, 1 in 109.6 for Education and 1 in 365.9 for Finance.

The full April 2010 MessageLabs Intelligence Report provides greater detail on all of the trends and figures noted above, as well as more detailed geographical and vertical trends. The full report is available here.

Symantec’s MessageLabs Intelligence is a respected source of data and analysis for messaging security issues, trends and statistics. MessageLabs Intelligence provides a range of information on global security threats based on live data feeds from our control towers around the world scanning billions of messages each week.

About Symantec:

Symantec is a global leader in providing security, storage and systems management solutions to help consumers and organizations secure and manage their information-driven world.  Our software and services protect against more risks at more points, more completely and efficiently, enabling confidence wherever information is used or stored. More information is available here.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.


Spam Words That Motivate and Engage Your Subconscious

Words, in good advertising, pack a punch. Power words are meant to impact, to provide impetus for action and, not surprisingly, to engage your subconscious.

Spam, at its core, is a form of advertising; advertising that works. Symantec Hosted Services security experts have detected patterns in spam word usage, identifying the most commonly used words.

Mathew Nisbet, Malware Data Analyst, Symantec Hosted Services, has written an instructive article in which he outlines how word use helps spammers achieve their objectives.

Reading this type of article is certainly educational, and can be a major step in expanding the sense of threat awareness that active Internet users require.

From the MessageLabs Intelligence Blog:

There is a huge variety in the types of spam that are sent all over the internet, but there are patterns to be found in the chaos.

One way to see patterns is to look at the words most commonly used in spam. If we take a random sample of global spam over a one week period, then there is quite a jumble of topics, but even through all the noise you can see certain words still stand out, as illustrated here (the larger a word, the more often it occurs):

[image: word cloud of the sampled spam]

As you can see, the popular words are fairly generic but all seem to be geared towards encouraging an immediate reaction, trying to get some sense of urgency. This is further indicated by the fact that 5 of the top 6 words have an exclamation mark. Spammers like to create a sense of urgency in their messages, as the less time someone spends thinking about it, the less likely they are to realize it is in fact a scam of some type.

Individual botnets have different profiles from general spam though, they tend to have more restricted sets of words used…..

To continue reading this article go here.

Symantec’s MessageLabs Intelligence is a respected source of data and analysis for messaging security issues, trends and statistics. MessageLabs Intelligence provides a range of information on global security threats based on live data feeds from their control towers around the world, scanning billions of messages each week.


Panda Security Instrumental in Taking Down Mariposa Botnet

Comments on this Blog, and elsewhere, about what needs to be done to deal with cyber criminals who have successfully attacked the Internet’s fundamental framework at every opportunity (it seems the opportunities are endless), range from simple outrage to implementing the death penalty (no, I’m not kidding) for those convicted of cyber crime.

I must confess, that in frustration, the thought of bringing back the Stocks, and the tarring and feathering of convicted cyber criminals, has crossed my mind.

The more reasonable comments however, all tend to revolve around the same questions.

Where are the cops when we need them? Why doesn’t an International task force exist to deal with this issue? Why are the “big name” technology companies sitting back and watching the Internet being destroyed by criminals?

Finally, it appears that the winds of change are beginning to blow in our favor, in this seemingly never ending battle against cyber criminals. We are now beginning to see International cooperation, the establishing of selected Task Forces, and the active involvement of some of the larger technology companies, in addressing cyber crime. Not a moment too soon, in my view.

In late February, Microsoft (a member of the Botnet Task Force), was successful in obtaining, and implementing, a court order aimed at the 277 domain names accused of facilitating the activities of the Waledac botnet, effectively shutting down the command and control centers of Waledac and its attached zombie computers.

In the same vein, Panda Security has just released information describing its participation in an operation aimed at taking down Mariposa, a Spanish botnet, which according to a report obtained from Panda, was considered to be, “one of the world’s biggest networks of virus-infected computers, responsible for compromising 13 Million unique IP addresses and 50 percent of Fortune 1000 companies around the world”.

[image: Mariposa in operation]

According to Panda, those involved in Mariposa “made money by selling parts of the botnet, installing pay-per-install toolbars, selling stolen credentials for online services, and using the stolen banking credentials, and credit cards, to make transactions to overseas mules”.

Panda Security’s efforts, while working in cooperation with Defense Intelligence, a Canadian company that first identified Mariposa, the Georgia Tech Information Security Center, the FBI, and the Spanish Civil Guard, have effectively shut down this scourge and have led to the arrest, earlier this month, of the three principals involved. It appears that additional arrests may be made in other countries.

All of this is good news for Internet consumers; most particularly, the level of cooperation exhibited between the various factions involved in the take down. I’m cautiously optimistic that a joint effort like this may be the beginning of a more concentrated effort to root out those who threaten the viability of the Internet.

But a word of caution: those involved should not just gather laurels based on this single successful operation. Instead, redouble your efforts, form additional strategic alliances, and finish off these parasites. We, the Internet public, demand nothing less.

A more comprehensive report from Panda Security’s forensic analysis is available here.

Alternatively you may watch the following video, in which Panda Security’s Luis Corrons describes the operation of the Mariposa Botnet.

About Panda Security

Founded in 1990, Panda Security is the world’s leading provider of cloud-based security solutions with products available in more than 23 languages and millions of users located in 195 countries around the world. Panda Security was the first IT security company to harness the power of cloud computing with its Collective Intelligence technology.

Panda Security has 56 offices throughout the globe with US headquarters in California and European headquarters in Spain. More information is available here.
