Tag Archives: botnets

Your Website Traffic Log – The Trap Door To Spread Viruses?

Checking your Website traffic stats is not without some risk, as guest writer Bruno Deshayes explains in this thought provoking article.

You get pleasantly surprised to notice an unknown website apparently sending traffic to you. When you click on the link, not only do you find that the page does not mention your site at all, but at best Security Essentials blocks the threat or at worst your browser locks up and it is anybody’s guess what the pirate is doing under the hood.

Better close down your PC altogether and run a virus check. If you run a laptop even turning the machine off will achieve nothing – you have to physically turn the laptop over and remove the battery for a forced shutdown! How many files could get infected by the time you finally do it?

I find those fake referral URLs showing up in cPanel | AWStats but also in Blogspot | Stats | Traffic sources.
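The safer way to look at an unknown referrer is in the raw access log rather than by clicking it. The script below is an added example for this post, not the author's code: it parses combined-format log lines, skips referrers you already know, and lists each unknown referring host with its hit count, distinct client IPs and requested paths. The flagging rule (many hits, one client, only the front page requested) and the sample log lines are assumptions made for illustration, not something the post states.

```python
"""Summarise unknown referring hosts from an Apache/nginx combined-format log.

Added example, not the post author's code. Reviewing referrers this way lets
you see what a "referral" really consisted of without ever visiting the URL.
"""
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Combined log format: ip - - [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# Constructed sample lines (RFC 5737 test addresses), not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Mar/2011:08:01:02 +0000] "GET / HTTP/1.1" 200 5120 "http://free-stats-booster.example/" "Mozilla/4.0"
203.0.113.5 - - [10/Mar/2011:08:01:03 +0000] "GET / HTTP/1.1" 200 5120 "http://free-stats-booster.example/" "Mozilla/4.0"
203.0.113.5 - - [10/Mar/2011:08:01:04 +0000] "GET / HTTP/1.1" 200 5120 "http://free-stats-booster.example/" "Mozilla/4.0"
198.51.100.7 - - [10/Mar/2011:09:12:44 +0000] "GET /posts/spam-report HTTP/1.1" 200 8801 "http://www.google.com/search?q=spam+report" "Mozilla/5.0"
198.51.100.8 - - [10/Mar/2011:09:13:10 +0000] "GET /posts/spam-report HTTP/1.1" 200 8801 "https://twitter.com/" "Mozilla/5.0"
198.51.100.9 - - [10/Mar/2011:09:15:00 +0000] "GET /about HTTP/1.1" 200 2210 "https://twitter.com/" "Mozilla/5.0"
192.0.2.44 - - [10/Mar/2011:10:00:00 +0000] "GET /posts/spam-report HTTP/1.1" 200 8801 "-" "curl/7.21.0"
"""

# Constructed allowlist of referrers you expect to see; adjust for your own site.
KNOWN_REFERRERS = {"www.google.com", "twitter.com"}


def parse_log(text):
    """Yield a dict of fields for every line that matches the combined format."""
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            yield m.groupdict()


def referrer_report(text, known=KNOWN_REFERRERS):
    """Return {host: {"hits", "clients", "paths", "flag"}} for unknown referrers.

    Hosts in `known` and direct visits ("-") are skipped. `flag` is True when
    at least three hits all came from a single client IP and only requested
    "/": the assumed pattern of a bot firing requests just to get its URL
    into your stats page (the heuristic is an assumption, not from the post).
    """
    per_host = defaultdict(lambda: {"hits": 0, "clients": set(), "paths": set()})
    for rec in parse_log(text):
        if rec["referer"] == "-":
            continue
        host = urlsplit(rec["referer"]).hostname
        if not host or host in known:
            continue
        entry = per_host[host]
        entry["hits"] += 1
        entry["clients"].add(rec["ip"])
        entry["paths"].add(rec["path"])

    report = {}
    for host, e in per_host.items():
        report[host] = {
            "hits": e["hits"],
            "clients": len(e["clients"]),
            "paths": sorted(e["paths"]),
            "flag": e["hits"] >= 3 and len(e["clients"]) == 1 and e["paths"] == {"/"},
        }
    return report


if __name__ == "__main__":
    for host, info in referrer_report(SAMPLE_LOG).items():
        mark = "SUSPECT" if info["flag"] else "review "
        print(f"{mark} {host}: {info['hits']} hits from {info['clients']} client(s), "
              f"paths {info['paths']}")
```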

The old trick, of course, was to send you an email loaded with some HTML data rather than plain text. Viewing the thing in Outlook would automatically launch the browser and – too late – the malicious website is already loaded and doing its nasty work unbeknownst to you.

I used to handle that one by always checking suspicious emails this way: with email preview disabled, right-click the message and choose Properties in the floating menu, then choose Details and Message Source to view the raw email text.

If they send me some base64-encoded attachment and nothing else, you know it is a nasty payload. I have used Gmail for some time and still read it in Outlook because I don’t like the ads or the heavy JavaScript used on the Gmail website. When I go there occasionally I am amazed at all the spam that got filtered out!
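The same check can be done on the raw message source without opening anything. The script below is an added example for this post, not the author's code: it parses a raw message with Python's standard email library and applies the rule above, treating a message with base64-encoded attachments and no readable text part as a bare payload. The two sample messages are constructed for illustration, and the exact decision rule is an assumption.

```python
"""Flag raw messages that consist of nothing but a base64 attachment.

Added example, not the post author's code. Works on the raw source you would
see under Message Source in Outlook, so nothing is rendered or executed.
"""
from email import message_from_string
from email import policy

# Constructed sample: a short text body with a PDF attachment alongside it.
LEGIT_RAW = """\
From: colleague@example.org
To: you@example.net
Subject: Minutes
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="us-ascii"

Minutes attached, see you Thursday.
--b1
Content-Type: application/pdf; name="minutes.pdf"
Content-Disposition: attachment; filename="minutes.pdf"
Content-Transfer-Encoding: base64

JVBERi0xLjQK
--b1--
"""

# Constructed sample: a base64 attachment and nothing else, no text part at all.
# The attachment body is just the base64 of a harmless sentence.
PAYLOAD_RAW = """\
From: unknown@example.com
To: you@example.net
Subject: Your invoice
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b2"

--b2
Content-Type: application/octet-stream; name="invoice.exe"
Content-Disposition: attachment; filename="invoice.exe"
Content-Transfer-Encoding: base64

VGhpcyBpcyBub3QgYSByZWFsIGV4ZWN1dGFibGUu
--b2--
"""


def summarise(raw):
    """Return the amount of readable text and a list of attachments in a raw message."""
    msg = message_from_string(raw, policy=policy.default)
    text_chars = 0
    attachments = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        filename = part.get_filename()
        if filename or part.get_content_disposition() == "attachment":
            payload = part.get_payload(decode=True) or b""
            attachments.append({
                "filename": filename,
                "content_type": part.get_content_type(),
                "encoding": str(part.get("Content-Transfer-Encoding") or "").lower(),
                "size": len(payload),
            })
        elif part.get_content_type() == "text/plain":
            text_chars += len(part.get_content().strip())
    return {"text_chars": text_chars, "attachments": attachments}


def is_bare_payload(raw):
    """True when every attachment is base64-encoded and there is no readable text.

    This is the post's rule of thumb (an attachment and nothing else) expressed
    as a check; treat a True result as a reason to quarantine, not to open.
    """
    info = summarise(raw)
    return (
        info["text_chars"] == 0
        and bool(info["attachments"])
        and all(a["encoding"] == "base64" for a in info["attachments"])
    )


if __name__ == "__main__":
    for label, raw in (("legit", LEGIT_RAW), ("payload", PAYLOAD_RAW)):
        verdict = "bare payload" if is_bare_payload(raw) else "has text body"
        print(label, verdict, summarise(raw))
```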

The internet in the last 10 years has become a very mature market with every man (woman?) and their dog blogging and every hacker from India, Russia and China trying to make a quid in broken English or else trying to rort the system.

The spread of botnets, silently programmed to check every security loophole and delegating their activity to hundreds of infected machines, has come to the attention of the main stakeholders. Microsoft, who used to hide behind a whole industry of virus scanners, is now taking the lead with effective and free maintenance tools. Well, their future depends on it. If Windows is crippled by security issues it makes Apple the alternative of choice. But behind the glitz the Steve Jobs camp is now having to face the music and is being made to understand that not everything can be fixed by the same marketing spin.

The worrisome factor is that in a global economy there isn’t a single entity to police the internet. If you look on the bright side, the plague of email spam has been brought down to a fair extent. Interpol has nabbed pedophile networks. The nofollow tag has tamed blog comment link spammers and even WordPress has come up with an advanced tool to keep comment interaction within its community alive and buzzing.

Bruno Deshayes is a writer, designer and developer who runs a portfolio of online services. He can be politically incorrect for the sake of stirring things up and engaging his readers.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.


Filed under Blogging Tips, Cyber Crime, Don't Get Hacked, Guest Writers, Opinion, Viruses, WordPress

March 2011 MessageLabs Intelligence Report – Rustock Goes Down, Bagle Botnet Picks Up The Slack

There’s been much more discussion recently as to whether infected computers should be allowed unrestricted access to the Internet. Despite the fact we’ve been around the horn on this question for years, there’s still little consensus on this thorny issue.

Since infected computers, linked together in botnets, form the backbone of spam distribution networks – according to the March 2011 MessageLabs Intelligence Report, botnets sent an average of 88.2% of global spam during 2010 – this question needs to be taken off the back burner and dealt with much more aggressively.

Frankly, I’m tired of making excuses for people who are too damn lazy, too damn stupid, too damn inconsiderate, ………. to take the time to learn the basics of computer security. And, as a consequence cause me, and you incidentally, to have to deal with volumes of spam that are beyond the pale.

[Graphic courtesy of Symantec]

According to the March 2011 MessageLabs Intelligence Report (released yesterday), the recently taken down Rustock botnet “had been sending as many as 13.82 billion spam emails daily, accounting for an average of 28.5% of global spam sent from all botnets in March.”

A little math suggests that during March enough spam was emailed that, conceivably, every person on the planet received 7 spam emails EVERY DAY! Since every person on the planet is not connected, the abuse takes on another magnitude. I can’t think of another finite resource – and the Internet is a finite resource – that could be continuously abused in this way without some kind of strong kickback.

Are we making any headway against botnets and the cyber criminals behind them? Not according to the MessageLabs Intelligence Report we’re not. Sure, Rustock has bitten the dust (at least for the moment), but the Bagle botnet has stepped into the breach, bumped up its output, and is now sending 8.31 billion spam emails each day, mostly tied to pharmaceutical products.

Report highlights:

Spam: In March 2011, the global ratio of spam in email traffic from new and previously unknown bad sources decreased by 2 percent (1 in 1.26 emails).

Viruses: The global ratio of email-borne viruses in email traffic from new and previously unknown bad sources was one in 208.9 emails (0.479 percent) in March, an increase of .134 percentage points since February. In March, 63.4 percent of email-borne malware contained links to malicious websites, a decrease of .1 percentage points since February.

Endpoint Threats: The endpoint is often the last line of defense and analysis. The threats found here can shed light on the wider nature of threats confronting businesses, especially from blended attacks. Attacks reaching the endpoint are likely to have already circumvented other layers of protection that may already be deployed, such as gateway filtering.

Phishing: In March, phishing activity was 1 in 252.5 emails (0.396 percent), a decrease of 0.065 percentage points since February.

Web security: Analysis of web security activity shows that an average of 2,973 websites each day were harbouring malware and other potentially unwanted programs including spyware and adware, a decrease of 27.5% since February. 37 percent of malicious domains blocked were new in March, a decrease of 1.9 percentage points since February. Additionally, 24.5 percent of all web-based malware blocked was new in March, a decrease of 4.2 percentage points since last month.

Reading this type of report (or at least the highlights) is certainly educational, and can be a major step in expanding that sense of threat awareness that active Internet users require.

The full MLI Report is available here in PDF.

Symantec’s MessageLabs Intelligence is a respected source of data and analysis for messaging security issues, trends and statistics. MessageLabs Intelligence provides a range of information on global security threats based on live data feeds from control towers around the world scanning billions of messages each week.

About Symantec:

Symantec is a global leader in providing security, storage and systems management solutions to help consumers and organizations secure and manage their information-driven world. Our software and services protect against more risks at more points, more completely and efficiently, enabling confidence wherever information is used or stored. More information is available at www.symantec.com.


Filed under bots, Cyber Crime, Cyber Criminals, cybercrime, Don't Get Scammed, Don't Get Hacked, email scams, Interconnectivity, MessageLabs, spam, Symantec, Windows Tips and Tools

News From Symantec Hosted Services


We know, only too well, that cyber criminals take advantage of every opportunity that new and emerging technologies provide to expand their trade – data theft.

So, with the huge adoption rate in smart mobile devices, and our increased reliance on these devices (which are literally powerful computers), there is a more pronounced sense of urgency to protect the data stored on these sophisticated mobile devices from the threat of cybercrime.

Symantec Hosted Services, recognizing this need, recently announced enhancements to its MessageLabs Web Security Service roaming support options, that will allow organizations to further support the security needs of their mobile workforce.

According to Symantec – “The new enhancements will monitor and secure the online activity of a highly distributed workforce. Drawing on findings from the recent MessageLabs Intelligence report highlighting the inappropriate web usage of mobile workers, SmartConnect and RemoteConnect for MessageLabs Hosted Web Security protect against malware and enforce Web acceptable use policies for teleworkers, or employees, at remote offices.”

____________________________________________________

If you’ve noticed a significant drop in Spam in your inboxes lately, like I have, there’s good reason – according to Symantec Hosted Services.

On Sunday, October 3, Symantec Hosted Services noticed that global spam levels dropped to their lowest in a while. Symantec Hosted Services believes this drop was due to a decrease in output by the Rustock and Cutwail botnets.

For additional insight on how Symantec Hosted Services tracked last weekend’s spam drop via sophisticated botnet intelligence, what contribution to global spam each of the major botnets makes, and what factors influence botnet output, check out the MessageLabs Intelligence blog report here.


Filed under bots, cell phone, Connected Devices, Email, Enterprise Applications, Malware Reports, MessageLabs, Software, spam, Symantec, System Security, Windows Tips and Tools

MessageLabs Intelligence: Botnets On The Rise – Pushing Out 11% More Spam

I wrote an article, in June of this year, on FIFA World Cup spammers that turned out to be a popular article (over 4,000 reads) – so, I’ve decided Spam isn’t all bad after all.  🙂

I’m being more than a little facetious, of course. Spam, without a doubt, is one the worst things about the Internet.

The MessageLabs Intelligence August 2010 report indicates (surprise, surprise) that there’s been a recent minor reduction in the total amount of spam in circulation. Offsetting this slightly good news, though, the same report makes the point that spam generated by botnets has increased to 95 percent of all spam – up 11% in just five months.

The Rustock botnet continues to be the main culprit, pumping out 41 percent of all spam in August. This, despite the fact that the Rustock botnet has been reduced in size by roughly half.

Before you think that’s because we’re better at catching botneted machines – it’s not. The fact is, the Rustock botnet is now faster, and more efficient, because it no longer uses TLS encryption.

Selected stats from the report:

This month, there were a significant number of yet-to-be-classified botnets responsible for sending 17.6 percent of all spam.

The UK was responsible for 4.5 percent of the world’s spam, more than double the percentage in April, and the UK is now the fourth most frequent source of spam behind the US, India and Brazil.

The US is home to the greatest number of bots, most notably Rustock, Storm and Asprox.

A PDF version of the full report including additional findings on spam and security threats is available here.


Filed under cybercrime, Don't Get Scammed, Email, email scams, MessageLabs, Reports, spam, Symantec, Windows Tips and Tools

Global Cyber Crime: The Playing Field, The Players -The Perfect Storm

Guest writer Paul E. Lubic, Jr. takes a close up look at those who are really responsible for cybercrime – organized crime syndicates. You may find some surprises here.

In my recent article Internet: The Good, The Bad, And The Ugly, I mentioned that organized crime was responsible for much of the malware and hacking now abundant across the Internet. This article will delve into those organizations and where they’re located across the world.

It’s important to point out that the global economy and the Internet play an important part in how many cyber criminals are in business, and where they operate.

The international bestselling book The World Is Flat: A Brief History of the Twenty-First Century by Thomas L Friedman, analyzes globalization, primarily in the early 21st century.  The title is a metaphor for viewing the world as a level playing field in terms of commerce, where all competitors have an equal opportunity.

Friedman astutely points out that because of the Internet, the personal computer, and other technological advances, businesses can provide products and services to customers across the world when heretofore the cost of doing so was prohibitive.  So…what’s this got to do with global cyber crime?

The criminal element, recognizing that there was money to be made, took advantage of the “flat world” just as the legitimate businesses have.  Thus, there has been an explosion of cyber (Internet) criminal activity across the world…primarily by organized crime syndicates.

But, the recent development of these syndicates selling hacking tools packaged in such a way that an inexperienced hacker can operate a “productive” criminal business, has allowed much smaller players to enter this lucrative field.

Authentication firm VeriSign recently reported that they studied 25 botnet herders across 3 online forums and found that botnets could be rented for an average of US$8.59 per hour, on which hacking attacks could be launched. A 24-hour rental goes for around US$64, on which several different attack vectors could be run. We’re talking about a cost similar to a flash drive or a box of printer ink cartridges!

Who are these syndicates?

As you might expect, they prefer to remain secret and as anonymous as possible in order to avoid detection and arrest.  However, we know that they are highly organized and very complex cyber crime organizations.

In recent years they have transformed from individual operations to an organized multi-layered network of cooperating syndicates.  Some of their names are China’s Gray Pigeons and Honkers Union of China; and the largest and most successful Russian Business Network of the Russian Federation.

Steven Chabinsky, deputy assistant director in the U.S. Federal Bureau of Investigation’s (FBI) cyber division recently told participants of  a US government trade show that criminal hacker organizations are operating with increasing corporate-like efficiency and specialization.  He listed some of the specialized roles in cyber crime organizations:

Coders, who write the exploits and malware.

Distributors, who trade and sell stolen data.

Tech experts, who maintain the criminal enterprise’s IT infrastructure.

Hackers, who search for and exploit vulnerabilities in applications, systems and networks.

Fraudsters, who woo potential victims with social engineering schemes like phishing and spam.

Hosted system providers, who offer illicit content servers.

Cashiers, who control drop accounts and provide names and accounts to other criminals for a fee.

Money mules, who complete wire transfers between bank accounts.

Tellers, who transfer and launder illicit earnings through digital currency services.

Organization leaders, who assemble the team and choose the targets.

Where do these criminal threats come from?

ThreatExpert.com reports that the worldwide distribution of threats is as follows:

China 31%

Russian Federation 22%

Brazil 8%

United Kingdom 6%

United States 6%

Spain 4%

Germany 4%

Others 19% (includes Canada, India, Iran, Algeria, Egypt, Syria, Iraq, Saudi Arabia, South Korea, and Turkey)

As indicated above, China is the threat leader, and has been for some time.  However, security software vendor Zscaler indicates a new threat is emerging in South America; where 7 of the top 10 countries with high saturation of malware-distributing servers were South and Central American nations.

These include Brazil, Bolivia, Peru, Argentina, Paraguay, Ecuador and Colombia.  My own organization’s security logs reflect this trend with increasing numbers of attempted attacks from all these countries and more…every day.

The threats referred to in this article include: malicious mail servers which send millions of phishing and ad-related spam emails; viruses; keylogger bot programs that record keyboard keystrokes to collect user access IDs, passwords, and bank account numbers, which are sent to the criminal controllers of the bot for use in identity theft and bank fraud; and various backdoor Trojans that allow future access by other malware.

This perfect storm of:

1. A flat world facilitating global business activity.

2. The involvement of organized crime syndicates.

3. The selling and renting of malware packages and botnets to the criminal masses has radically increased the malware, hacking, and subsequent danger present on the Internet today.

Guest writer Paul E. Lubic, Jr. is a long time IT professional who has held the positions of programmer, IT Security Manager and Chief Information Officer.  His interests lie in the IT security area, but he writes on all categories of technology.

Paul is a mature and seasoned writer, with a rare ability to break down complex issues into an easy to understand format. Check him out at his Blog – Paul’s Home Computing.


Filed under cybercrime, Don't Get Scammed, Don't Get Hacked, Guest Writers, Interconnectivity, Internet Safety, internet scams, Internet Security Alerts, Windows Tips and Tools

New Symantec Cloud Based Security Solution for Small and Medium Sized Groups Announced

On the whole, businesses, at every level, have virtually the identical need to protect computer systems as you and I. It’s just a matter of degree.

Both businesses, and individuals, need protection against viruses, spyware, rootkits, spam, phishing, and other types of malware.

One major difference does exist however. You and I, at a personal level, uncomfortable as it may be, are likely to survive a malware infection with either limited, or no cost.

Not so a business. Computers, and automated business systems, have become crucial to the effective operation, and stability, of most businesses. Downtime, caused by cybercrime, can have lasting impact on a business’s long term viability and reputation.

Given the current threat conditions on the Internet, small and medium sized businesses now, more than ever, need an effective cyber security plan: a plan that is relatively simple but comprehensive, and, in keeping with the realities of the present business environment, cost effective.

Based on these recognized needs, Symantec Hosted Services today announced a new cloud-based service, designed specifically with the SMB market in mind.

According to Symantec “Customers will now be able to protect their Windows-based laptops, desktops, and file servers from the proliferation and growing sophistication of threats with the simplicity and convenience of a cloud-based service.”

By taking advantage of this cloud based service, Symantec clients will realize considerable savings; since there is no need for additional hardware, or management software.

At the moment, Symantec Hosted Endpoint Protection is available only to customers in North America.

Fast facts:

Comprehensive Protection for Customer Systems: Advanced technologies for antivirus, antispyware, firewall and host intrusion prevention.

Always-on Protection for Endpoints: Automated updates occur transparently over an Internet connection to keep employee systems current and consistent with client policies when employees are in the office or on the road – even when they’re not logged into their corporate VPN.

Web-based Management Console: Administrators can access the administration portal over a supported Web-browser and corporate VPN access is not required to monitor and manage each computer. Administrators receive real-time alerts via SMS or email and can easily perform functions such as initiate a Live Update to refresh system protection levels, view history on systems and change local policy settings.

Ease of Management: Adds and manages new computers without requiring on-site management servers. Updates occur automatically and new features are introduced as they become available during the subscription period for no additional fee.

Scalable: Flexibility provided through a hosted model allows the solution to scale to incorporate new endpoints quickly and efficiently without requiring additional hardware or management software.

Fast to Deploy: Can be quickly deployed to users via standard download, an email invitation or silently pushed to the customer’s network.

To sign up for a Hosted Endpoint Free Trial visit Symantec’s MessageLabs.


Filed under Anti-Malware Tools, Business Applications, Cloud Computing Applications, cybercrime, Don't Get Scammed, Don't Get Hacked, downloads, Interconnectivity, MessageLabs, Networking, Software, Software Trial Versions, Symantec, System Security, Windows Tips and Tools

Rustock Botnet Eclipses Cutwail As the Biggest Botnet

When you run a business, market position needs to be foremost in your mind – you can’t let the competition get one step ahead.

Spam is a business, just like any other business, and the strategies and tactics that apply to legitimate business apply equally to an illegal business like Spam.

Technical sophistication, in terms of both creativity and delivery techniques, continues to improve in the Spam marketplace, motivated, of course, by the cyber criminals’ need to generate increasing opportunity for financial gain and identity theft.

MessageLabs April 2010 Intelligence Report indicates there has been some jockeying for position in the Spam Botnet marketplace, where the Rustock Botnet has now surpassed Cutwail as the biggest botnet, both in terms of the amount of spam it sends, and the amount of active bots under its control. Rustock is now responsible for 32.8 percent of all spam.

So, what does this mean to you, and me, in terms of risk? As an indication of the substantial risk we continue to face from Spam, MessageLabs Intelligence reports in their April 2010 release that they intercepted 36,208 unique strains of Spam-delivered malware during the month, which translates into 1 in every 287 emails packed with a virus.

Being aware of the shape of the Internet landscape, and the changes that are occurring, or may occur, in that landscape, is now, more than ever, a necessity – a prerequisite to protecting yourself and your computer from cybercriminal attack. “Forewarned is forearmed” needs to be your guiding light – appropriate knowledge will act as your shield.

Symantec’s latest MessageLabs Intelligence Report is scary stuff, and I encourage you to read this report which will give you some indication of where we’re likely headed, and what we’ll have to deal with.

MessageLabs Intelligence report highlights:

Spam: In April 2010, the global ratio of spam in email traffic from new and previously unknown bad sources was 89.9 percent (1 in 1.11 emails), a decrease of 0.8 percentage points since March.

Viruses: The global ratio of email-borne viruses in email traffic from new and previously unknown bad sources was one in 340.7 emails (0.294 percent) in April, an increase of 0.01 percentage points since March. In April 28.9 percent of email-borne malware contained links to malicious websites, an increase of 12.1 percentage points since March.

Phishing: In April, phishing activity was 1 in 455.2 emails (0.219 percent) an increase of 0.03 percentage points since March. When judged as a proportion of all email-borne threats such as viruses and Trojans, the proportion of phishing emails had increased by 5.7 percentage points to 70.3 percent of all email-borne threats.

Web security: Analysis of web security activity shows that 10.9 percent of all web-based malware intercepted was new in April, a decrease of 4.0 percentage points since March. MessageLabs Intelligence also identified an average of 1,675 new websites per day harboring malware and other potentially unwanted programs such as spyware and adware, a decrease of 12.7 percent since March.

Geographical Trends:

· Spam levels in Italy rose to 95.5 percent in April positioning it as the most spammed country.

· In the US, 90.2 percent of email was spam and 88.9 percent in Canada. Spam levels in the UK rose to 89.4 percent.

· In the Netherlands, spam accounted for 91.5 percent of email traffic, while spam levels reached 89.4 percent in Australia and 92.3 percent in Germany.

· Spam levels in Hong Kong reached 91.0 percent and spam levels in Japan were at 86.9 percent.

· Virus activity in Taiwan was 1 in 76.3 emails, keeping it as the most targeted country for email-borne malware in April.

· Virus levels for the US were 1 in 646.3 and 1 in 416.2 for Canada. In Germany, virus levels were 1 in 471.0, 1 in 1,120.0 for the Netherlands, 1 in 416.5 for Australia, 1 in 501.0 for Hong Kong, 1 in 1,161.0 for Japan and 1 in 613.0 for Singapore.

· UK remained the most active country for phishing attacks in April with 1 in 199.7 emails.

Vertical Trends:

· In April, the most spammed industry sector with a spam rate of 94.9 percent remained the Engineering sector.

· Spam levels for the Education sector were 91.1 percent, 90.2 percent for the Chemical & Pharmaceutical sector, 90.7 percent for IT Services, 90.9 percent for Retail, 88.4 percent for Public Sector and 88.4 percent for Finance.

· In April, the Public Sector remained the most targeted industry for malware with 1 in 99.1 emails being blocked as malicious.

· Virus levels for the Chemical & Pharmaceutical sector were 1 in 438.2, 1 in 487.5 for the IT Services sector, 1 in 600.2 for Retail, 1 in 109.6 for Education and 1 in 365.9 for Finance.

The full April 2010 MessageLabs Intelligence Report provides greater detail on all of the trends and figures noted above, as well as more detailed geographical and vertical trends. The full report is available here.


Filed under bots, cybercrime, Don't Get Scammed, Don't Get Hacked, Email, email scams, Internet Security Alerts, MessageLabs, spam, Symantec, System Security, Viruses, Windows Tips and Tools