Category Archives: Malware Reports

Webmasters Struggle With Hacked Sites – A Commtouch, StopBadware Report

I’m often asked why I host this Blog on WordPress.com – why I don’t self host, and maybe make a few dollars, while I’m at it, by running ads. So, I’ll start with the back-end first.

It’s not about money – far from it. I write this Blog to have a little bit of fun; to help keep my mind sharp (often a failing exercise) – and, to be part of a community which recognizes the need to educate computer users that the Internet is not all sweetness and light.

That’s the back-end – but, it’s the front-end that’s most important. WordPress does all the heavy lifting. All elements are taken care of: setup, upgrades, spam, backups, and site security. Site security might be last in the previous sentence but, it was the most important factor in my decision to use WordPress as my blogging platform.

Just a few of the security reasons:

Potential harmful activity is constantly monitored.

Blog PHP code can’t be modified.

Plugins can’t be uploaded.

JavaScript embed codes and CSS, are restricted.

I’m not suggesting that WordPress can’t, or won’t be hacked (nothing on the Internet is invulnerable to cyber criminals) – but, should sites hosted by WordPress.com fall to the bad guys, those of us who rely on WP, will at least have a fighting chance to recover. This is not always the case for self-hosted sites.

Recent statistics indicate (surprise, surprise) – cybercriminals are increasing their targeting of websites for identity theft, virus distribution, and spamming. And, according to a newly released survey (Compromised Websites: An Owner’s Perspective), from Commtouch and StopBadware – in which webmasters were queried on their fight against hacking – almost half of the survey participants (who had been hacked), had no idea until they received a warning from their own computer’s protection technology.

More particularly, according to the Commtouch/StopBadware report – “about half of site owners discovered the hack when they attempted to visit their own site and received a browser or search engine warning.”  Not a very effective method of discovering one’s site has been hacked. As opposed to WP’s – “Potential harmful activity is constantly monitored.”

Highlights from analysis of the survey’s responses include:

Over 90% of respondents didn’t notice any strange activity, despite the fact that their sites were being abused to send spam, host phishing pages, or distribute malware.

Nearly two-thirds of the webmasters surveyed didn’t know how the compromise had happened.

Twenty six percent of site owners had not yet figured out how to resolve the problem at the time they completed the survey.

Forty percent of survey respondents changed their opinion of their web hosting provider following a compromise.

The report includes several examples of hacked websites, as well as the spam emails that may trick users into visiting these sites. In addition to analysis and quotes from site owners, the report provides tips to help webmasters prevent their sites from being compromised.

The following graphic illustrates why cyber criminals target web sites.

Courtesy – Commtouch

The full report is available for download (PDF format) at:

Commtouch

StopBadware

Are You A Sixty-Nine Percenter?

Hopefully, you are not a member of the sixty-nine percent club. If you’re not, then you have not been a victim of cyber criminals – unlike the two thirds of online adults (69 percent), who have been a victim of cybercrime in their lifetime.

According to the United Nations telecommunications agency (January 2011), the number of Internet users now exceeds the two Billion mark, worldwide. It’s easy to see then, that cyber criminals have a virtually unlimited playground in which to ply their trade. And, they do just that – with a vengeance.

Symantec, in its recently released Norton Cybercrime Report 2011, makes the point that every second 14 adults become a victim of cyber crime – which translates into one Million+ Internet users who are duped by the detestable sleazebag members of the cyber criminal community – every day. Let’s take it a step further – if we annualize this number, we end up with a shocking 431 Million cyber crime victims.

Graphic courtesy of Symantec

The sheer number of victims is appalling, but the hard monetary costs involved are stunning.

Global cost of cybercrime – from Symantec:

With 431 million adult victims globally in the past year and at an annual price of $388 billion globally based on financial losses and time lost, cybercrime costs the world significantly more than the global black market in marijuana, cocaine and heroin combined ($288 billion).

At $388 Billion, cybercrime is more than 100 times the annual expenditure of UNICEF ($3.65 billion).

I’ll borrow a concept from the Real Estate industry for a moment, and that is – the concept of, “highest and best use”. The use of money can also be described in this way, and the following graphic illustrates how cybercrime can impact this concept at a societal level. It’s rather telling, what those diverted dollars, if employed elsewhere, could accomplish.

Graphic courtesy of Symantec

It’s important to understand that cyber criminals are not selective – it doesn’t matter where you reside – the entire Internet community is fair game.

Graphic courtesy of Symantec

While an installed Internet security suite (or a stand-alone AV application), won’t eliminate all cyber crime risks, it is effective in reducing risk exposure to manageable, and acceptable levels. One has to wonder why 41 % of those surveyed (as illustrated in the following graphic), connect to the Internet while running out-of-date security software.

Graphic courtesy of Symantec

It’s common practice for members of my group to query clients on the state of Internet security, the protective measures they have instituted to ensure both their own safety, and the safety of their systems, while connected to the Web – so, I’ll not take issue with the statistics in this graphic. Except to say – they may be underestimated.

Within my group, we find that a significant percentage of polled clients have little interest in Internet security, and fail to understand the vulnerabilities and issues that surround computer system security.

Common responses to queries include:

Security applications are too confusing and hinder my “fun” by slowing down system response time.

I didn’t know I shouldn’t click the ‘YOU ARE A WINNER!!!!’ banner.

My anti-malware application has let me down – how was I supposed to know I was downloading a bad program!

I’m not sure how my machine got infected – it just happened.

I like to download from Crack sites and Peer-2-Peer networks. So what?

I got a popup saying I was infected, so I clicked on it. What else was I supposed to do!

I didn’t know I was supposed to read the End User License Agreement – I don’t even know what that is.

I thought I had Windows update activated.

What do you mean I should update ALL my applications?

What’s a Firewall – never heard of it?

On the face of it, it might appear as if these types of responses are somehow not very typical. Unfortunately, these responses are not only typical, but characteristic of the majority of the home computer users my group comes into contact with every day.

Given this abysmal performance, the following is worth considering – “In the past, the Internet consisted, mostly, of smart people in front of dumb terminals. Now, the reverse situation dominates”. It may seem a little facetious – but is it, really?

More and more it’s obvious to me, that relying on computer users taking responsibility for their own security and safety, is a non-starter. It’s just not happening. Personally, I hold out little hope that this will ever happen.

In the circumstances, it’s well past time that the “controlling interests” develop a rational approach to the underlying security issues surrounding the Internet – failing which, cyber crime will continue to flourish, and successful attacks on computers over the Internet will continue to proliferate.

Equally as important, in my view – we need a concerted effort from law enforcement, at every level, to actively pursue those who continue to cause havoc on the Internet.

Despite the fact that cyber crime could not be a more pressing problem – one which gives rise to significant human and financial costs – the naysayers, and the “can’t be done” proponents have the field, for the moment. But, only because we, as a society, allow it.

It’s time you demanded a much more aggressive response to cyber crime from those who are charged with ensuring your safety and security – whether it be in the “real” world, or the “virtual” world of the Internet. It’s time that you let your voice be heard. It’s time to emulate Peter Finch and state – “I’m as mad as hell and I’m not going to take it anymore!”

If you’re interested in the full Norton Cybercrime Report 2011, it’s available here in multiple languages.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

PandaLabs Second Quarter Security Landscape Report

In a rather surprising statement, PandaLabs, in its 2011 Second Quarter Security Report, makes the point that there’s a challenging grey area between “Hacktivism” (LulzSec and Anonymous), and Criminality. Frankly, I don’t subscribe to this “blurry lines” view.

I see the issue in rather simpler terms – if security holes exist in critical systems which enterprise, or government, are either unwilling, or unable to address – ultimately creating a host of innocent victims – then I encourage LulzSec and Anonymous to continue their campaigns of outing non-responsive, and non-responsible organizations. I’m more than a little tired of being placed at risk due to organizational ineptness, or failure to adhere to common sense security practices.

Some key findings from Panda’s report (determined from data collected through Panda ActiveScan) include:

Every minute, 42 new malware strains were created.

Trojans constitute 70 percent of new malware followed by viruses (10 percent) and worms (8.53 percent). Surprisingly, Adware, which only represents 1.37 percent of all malware, accounted for more than 9 percent of all infections.

China, Thailand and Taiwan continue to lead infection rankings.

Top 10 least infected countries.

So, should these statistics hold any relevancy for you? Should you be preoccupied, or overly concerned, with these numbers? The answer, it seems to me, depends on how aware you are of the overall Internet security landscape, and where you fit into the following user groups.

  • Those who know.
  • Those who think they know.
  • Those who don’t know, that they don’t know.

Hopefully, you are in that small group who can confidently say – “I know”.

Broken record time:

I’ll risk sounding like a broken record, once again, and repeat what I’ve said here numerous times –

“Controlling malware intrusion, while surfing the Net, through the use of a  “virtual” environment rather than operating in a “real” environment, makes sense given the escalating level of cyber criminal activity on the Internet.”

BufferZone is a particularly effective and easy to use freeware virtualization application (perfect for casual users), which creates an isolated environment called the Virtual Zone, while you surf the Internet. You can read more about BufferZone, here.

About PandaLabs:

Since 1990, PandaLabs, Panda Security’s malware research laboratory, has been working to detect and classify malware in order to protect consumers and companies against new Internet threats.

To do so, PandaLabs uses Collective Intelligence, a cloud-based proprietary system that leverages the knowledge gathered from Panda’s user community to automatically detect, analyze and classify the more than 73,000 new malware strains that appear every day.

This automated malware classification is complemented through the work of an international team with researchers specialized each in a specific type of malware (viruses, worms, Trojans, spyware and other attacks) to provide global coverage.

The full report (PDF), is available here.

Follow Panda on Twitter and Facebook.

PandaLabs Reports – 73,000 New Malware Threats EVERY DAY!

When I start my day, it never enters my mind to consider whether or not I’ll be mugged that day; if my home will be burglarized; or if I’ll be the victim of any type of crime. Except in one circumstance.

Each time I start an Internet session, I consciously consider the odds that I will be a victim of cyber criminals. I know I’ll have to deal with attempts to scam me; attempts to compromise my machine through driveby downloads; infected downloads and applications; infected web sites and redirections – the list goes on… and on …and on.

Little wonder then, that I was not in the least surprised to see PandaLabs reveal in their malware report on the most notable malware trends for the first 3 months of 2011, that surfers are now exposed to 73,000 new malware threats every day – an increase of 10,000 over the same time frame last year.

Report highlights:

Incidence of new malware has increased 26 percent over the same period last year.

PandaLabs now observes an average of 73,000 malware samples every day, an increase of 10,000.

Trojans remain the most popular type of threat, accounting for 70 percent of all malware.

Downloaders, a subtype of Trojan, have seen an astounding increase over the last 3 months.

New malware growth from Q1 2010 through Q1 2011.

Malware by type.

In the following graphic you’ll note that Downloaders, a lightweight Trojan since it contains only a few lines of code (making it harder to detect), have increased dramatically. Downloaders are particularly dangerous, since they are designed to connect to the Net to facilitate the downloading of additional malware.

I’ll risk sounding like a broken record, and repeat what I’ve said numerous times here –

“Controlling malware intrusion, while surfing the Net, through the use of a  “virtual” environment rather than operating in a “real” environment, makes sense given the escalating level of cyber criminal activity on the Internet.”

BufferZone is a particularly effective and easy to use freeware virtualization application (perfect for casual users), which creates an isolated environment called the Virtual Zone, while you surf the Internet. You can read more about BufferZone, here.

Get more information about PandaLabs and subscribe to its blog news feed here.

Follow Panda on Twitter and Facebook.

Search Engine Results – More Malware Surprises Than Ever!

Regardless of the fact that many of us are seasoned web surfers, and we tend to be cautious, we’re not likely to question a search engine’s output – and, we should.

Barracuda Labs 2010 Annual Security Report, released just days ago, should be an eye opener for those who blindly assume all search engine results are malware free. In fact, search engine malware has doubled since we last reported on this security issue in 2009.

Barracuda Labs’ most recent study reviewed more than 157,000 trending topics and roughly 37 million search results on Bing, Google, Twitter and Yahoo. Overall research results indicated that cyber criminals have bumped up the level of search engine malware, as well as expanded their target market beyond Google.

Key highlights from the search result analysis include:

In June 2010, Google was crowned as “King” of malware, turning up more than twice the amount of malware as Bing, Twitter and Yahoo! combined when searches on popular trending topics were performed.

As malware spread across the other search engines, the ratios were distributed more evenly by December 2010, with Google producing 38 percent of overall malware; Yahoo! at 30 percent; Bing at 24 percent and Twitter at eight percent.

The amount of malware found daily across the search engines increased 55 percent from 145.7 in June 2010 to 226.3 in December 2010.

One in five search topics leads to malware, while one in 1,000 search results leads to malware.

The top 10 terms used by malware distributors include the name of a Jersey Shore actress, the president, the NFL and credit score.

There’s little doubt that the manipulation of search engine results, exploiting legitimate pages, and the seeding of malicious websites among the top results returned by search engines in order to infect users with malware, is a continuing threat to system security.

When a potential victim visits one of these sites the likelihood of the downloading of malicious code onto the computer by exploiting existing vulnerabilities is high.

Let’s take, as an example, a typical user running a search for “great vacation spots” on one of the popular search engines.

Unknown to the user, the search engine returns a malicious or compromised web page as one of the most popular sites. Users with less than complete Internet security who visit this page will have an extremely high chance of becoming infected.

There are a number of ways that this can occur. Cyber-crooks can exploit vulnerabilities on the server hosting the web page to insert an iFrame, (an HTML element which makes it possible to embed another HTML document inside the main document). The iFrame can then activate the download of malicious code by exploiting additional vulnerabilities on the visiting machine.

Alternatively, a new web page can be built, with iFrames inserted, that can lead to malware downloads. This new web page appears to be legitimate. In the example mentioned earlier, the web page would appear to be a typical page offering great vacation spots.

One more common method is the insertion of false dialogue boxes, fake toolbars, and more on sites; all designed to load destructive malware which could include rootkits, password stealers, Trojan horses, and spam bots.

Unfortunately, since Cyber-crooks are relentless in their pursuit of your money, and in the worst case scenario your identity, you can be sure that additional threats are being developed or are currently being deployed.

So what can you do to ensure you are protected, or to reduce the chances you will become a victim?

Install an Internet Browser add-on such as WOT (my personal favorite), which provides detailed test results on a site’s safety; protecting you from security threats including spyware, adware, spam, viruses, browser exploits, and online scams

Don’t open unknown email attachments

Don’t run programs of unknown origin

Disable hidden filename extensions

Keep all applications (including your operating system) patched

Turn off your computer or disconnect from the network when not in use

Disable Java, JavaScript, and ActiveX if possible

Disable scripting features in email programs

Make regular backups of critical data

Make a boot disk in case your computer is damaged or compromised

Turn off file and printer sharing on the computer

Install a personal firewall on the computer

Install anti-virus and anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet

Ensure the anti-virus software scans all e-mail attachments

Be proactive when it comes to your computer’s security; make sure you have adequate software based protection to reduce the chances that your machine will become infected.

Fact: Consumer confidence in the reliability of search engine results, including relevant ads, is seriously misplaced.

You can download the full Barracuda Labs 2010 Annual Security Report (PDF), at Barracuda Labs.

Update: March 5, 2011. The following comment illustrates perfectly the issues discussed in this article.

Funny you write about this today. I was reading about the spider issue Mazda was having and wanted to know what the spider looked like so I Googled it, went to images and there it was. There was also a US map that had areas highlighted, assuming where the spiders exist, and before I clicked on the map I made sure there was the green “O” for WOT for security reasons.

I clicked on the map and BAM I was redirected instantly and hit w/ the “You have a virus” scan malware. I turned off my modem then shut my computer off. I restarted it and scanned my computer w/ MS Security Essentials and Super Anti Spyware. MS Essentials found Exploit:Java/CVE-2010-0094.AF, and Trojan:Java/Mesdeh and removed them. I use WOT all the time, but now I’m going to be super cautious.

McDonalds “Fillet O’ Phishing” Survey Scam

Would you fill out an email survey, sponsored by McDonalds – if they paid you 250 dollars for completing it? I’ll go out on a limb here and say – yes you would. Just like most offers that sound overly attractive though – this offer is a scam.

This scam is not only plausible, but in appearance, it could easily pass for the real thing. Jump into this one though, and you’ll stand a good chance of losing your credit card information. So, no 250 dollars; just a real messy credit cleanup to look forward to.

Filling out the survey form really isn’t the hook – that comes later.

Clicking on the “proceed” link (this is where you supposedly get the 250 bucks), opens the following screen. All you have to do is provide your credit card details and additional personal information.

If, at this point, you don’t hear a loud warning bell resonating in your head – you’re about to become a cyber crime victim.

To add credibility (and reduce suspicion), victims of this scam are automatically redirected to the official McDonalds site – once the victim’s credit card details have been scooped by the crooks.

In August of 2010, when I first reported on this scam, which was then being “test marketed” by the cyber crooks in New Zealand and Australia, I made the following point –

The rest of us (non Australian or New Zealanders), shouldn’t be complacent because, for the moment, this scam is appearing only in that part of the world. If this scam works there, and I suspect it will work very well, there’s little doubt it will soon be on its way to your inbox.

Well, here it is in North America and according to the chat on the Net, this time out, the graphics on the survey and phishing pages are loaded directly from McDonald’s own website. You can rightfully accuse cyber crooks of being the lowest form of pond scum imaginable – but you can’t accuse them of not being technically sophisticated.

It’s the same old, same old, though – the first time I came across this scam was in 2006. This type of scam is recycled repeatedly – because it works. Reasonably intelligent people do get trapped by sophisticated scams. Due, in large part, to their failure to take minimum common sense security precautions. Don’t be one of them.

Advice worth repeating:

If you have any doubts about the legitimacy of any email message, or its attachment, delete it.

Better yet, take a look at the email’s headers. Check the initial “Received from” field in the header, since this field is difficult to forge. Additionally, the mail headers indicate the mail servers involved in transmitting the email – by name and by IP address.

It may take a little practice to realize the benefits in adding this precaution to your SOP, but it’s worth the extra effort if you have any concerns.
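The header check described above, as an added example that is not part of the original post: it lists each “Received” hop by name and IP address, then compares the host that connected to your own mail server with the domain shown in the From line. The message, the host names and the assumption that your mail server is mx.recipient.example are all constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (documentation IP ranges and .example domains).
RAW_MESSAGE = """\
Received: from mail.sender-host.example (mail.sender-host.example [203.0.113.45])
    by mx.recipient.example with ESMTP id abc123
    for <user@recipient.example>; Sat, 05 Mar 2011 10:15:02 -0500
Received: from burger-brand.example (unknown [198.51.100.7])
    by mail.sender-host.example with SMTP id xyz789;
    Sat, 05 Mar 2011 10:14:58 -0500
From: "Customer Survey" <survey@burger-brand.example>
To: user@recipient.example
Subject: Complete our survey and receive 250 dollars

(body omitted)
"""

# "from <claimed name> (<reverse DNS> [<ip>]) ... by <receiving server>"
HOP = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>\S+)\s+)?\[(?P<ip>[0-9A-Fa-f.:]+)\]\)"
    r".*?\bby\s+(?P<by>\S+)"
)


def received_chain(raw):
    """Return the Received hops, newest (top of the headers) first."""
    msg = message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        flat = " ".join(value.split())  # undo header line folding
        m = HOP.search(flat)
        if m:
            hops.append(m.groupdict())
    return hops


def boundary_hop(hops, own_servers):
    """The hop written by one of your own servers; entries below it were
    supplied by machines you do not control."""
    for hop in hops:
        if hop["by"].lower() in own_servers:
            return hop
    return None


def check_sender(raw, own_servers):
    msg = message_from_string(raw)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    hop = boundary_hop(received_chain(raw), own_servers)
    if hop is None:
        return {"from_domain": domain, "connecting_host": None,
                "connecting_ip": None, "matches": False}
    host = (hop["rdns"] or hop["helo"]).lower()
    matches = host == domain or host.endswith("." + domain)
    return {"from_domain": domain, "connecting_host": host,
            "connecting_ip": hop["ip"], "matches": matches}


if __name__ == "__main__":
    for hop in received_chain(RAW_MESSAGE):
        print(hop)
    print(check_sender(RAW_MESSAGE, {"mx.recipient.example"}))
```

A mismatch is a reason for suspicion rather than proof, since legitimate senders sometimes use third-party mail services.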

PandaLabs 2011 Security Trends Predictions

Every year, I hold on to the belief that we’ve seen the worst that cyber-criminals can throw at us – so I’m always hopeful, that the outlook for the coming year might offer some improvement. As the years go by, inevitably it seems, my hopes have been dashed.

The Internet, despite its promises (many of which have come to pass, admittedly), has become a cesspool of cyber criminals (who continue to belittle us), scam and fraud artists, and worse. A cesspool that reeks of tainted search engine results, malware infected legitimate websites, drive-by downloads and bogus security software. And now it seems, we’re approaching the point where anarchy might well begin to rule the Internet.

The recent WikiLeaks kafuffle, with its counter play DDoS attacks pitting supporters against non-supporters, is a singular indication of how quickly the Internet can devolve into anarchy. No matter the views one may hold politically, with respect to the WikiLeaks disclosures, the use of hacktivism as a political tool is a worrisome trend.

PandaLabs, in its just released predictions covering the top security trends for 2011, is predicting an increase in the type of hacktivism the WikiLeaks conflict has pushed into the spotlight. Moreover, PandaLabs’ report paints a dismal picture of how the Internet threat landscape is likely to shift and change, in the coming year.

According to PandaLabs, in addition to a new focus on hacktivism and cyber-war; more profit-oriented malware; social media; social engineering and malicious codes with the ability to adapt to avoid detection will be the main threats in the coming year.

Report highlights:

Continued growth of new strains of malware creation

2010 marked a turning point in the cyber war, and PandaLabs expects more of the same in 2011

Cyber-protests, or hacktivism (e.g. Anonymous), are all the rage and will continue to grow in frequency

Social engineering will increase as cyber criminals increasingly use social platforms to launch distributed attacks

Windows 7 users will become a significant target for malware in 2011

Mobile security will be a top concern for Android users

As tablets gain market share, so will their appeal to be targeted by cyber criminals

As the market share of Mac users continues to grow, so will the number of threats

HTML5 will be the perfect target since a security hole can be exploited regardless of the browser

Highly dynamic and encrypted threats are expected to increase, given the financial incentive for information on the black market

Being aware of the shape of the Internet landscape, and the changes that are occurring, or may occur in that landscape, now, more than ever, is a necessity – a prerequisite to protecting yourself and your computer from cybercriminal attack. Forewarned is forearmed, needs to be your guiding light – appropriate knowledge will act as your shield.

About PandaLabs:

Since 1990, PandaLabs, Panda Security’s malware research laboratory, has been working to detect and classify malware in order to protect consumers and companies against new Internet threats.

To do so, PandaLabs uses Collective Intelligence, a cloud-based proprietary system that leverages the knowledge gathered from Panda’s user community to automatically detect, analyze and classify the more than 63,000 new malware strains that appear every day.

This automated malware classification is complemented through the work of an international team with researchers specialized each in a specific type of malware (viruses, worms, Trojans, spyware and other attacks) to provide global coverage.

Get more information about PandaLabs and subscribe to its blog news feed here.
