Tag Archives: bots

MessageLabs Intelligence: Botnets On The Rise – Pushing Out 11% More Spam

I wrote an article, in June of this year, on FIFA World Cup spammers that turned out to be a popular article (over 4,000 reads) – so, I’ve decided Spam isn’t all bad after all.  🙂

I’m being more than a little facetious, of course. Spam, without a doubt, is one of the worst things about the Internet.

The MessageLabs Intelligence August 2010 report indicates (surprise, surprise) that there’s been a recent minor reduction in the total amount of spam in circulation. Offsetting this slightly good news, though, the same report makes the point that spam generated by botnets has increased to 95 percent of all spam – up 11% in just five months.

The Rustock botnet continues to be the main culprit, pumping out 41 percent of all spam in August. This, despite the fact that the Rustock botnet has been reduced in size by roughly half.

Before you think that’s because we’re better at catching botneted machines – it’s not. The fact is, the Rustock botnet is now faster, and more efficient, because it no longer uses TLS encryption.

Selected stats from the report:

This month, there were a significant number of yet-to-be classified botnets responsible for sending 17.6 percent of all spam.

The UK was responsible for 4.5 percent of the world’s spam, more than double the percentage in April, and the UK is now the fourth most frequent source of spam behind the US, India and Brazil.

The US is home to the greatest number of bots, most notably Rustock, Storm and Asprox.

A PDF version of the full report including additional findings on spam and security threats is available here.

About Message Labs Intelligence:

Symantec’s Message Labs Intelligence is a respected source of data and analysis for messaging security issues, trends and statistics. MessageLabs Intelligence provides a range of information on global security threats based on live data feeds from our control towers around the world scanning billions of messages each week.

About Symantec:

Symantec is a global leader in providing security, storage and systems management solutions to help consumers and organizations secure and manage their information-driven world.  Our software and services protect against more risks at more points, more completely and efficiently, enabling confidence wherever information is used or stored. More information is available here.


Straight From PandaLabs – Malware to Watch for in 2010

Button up your overcoat and get your rain gear ready; it’s going to get stormy! PandaLabs has released its forecast of computer threat trends for 2010.

Cybercriminals are increasingly more knowledgeable, quicker to respond to opportunities, and more relentless than ever in their attempts to separate surfers from their money.

Being aware of Internet threats is critical to your security on the Internet, so that you can protect yourself and stay ahead of the curve. Knowledge truly is a critical necessity to ensure your personal safety on the Internet.

The following PandaLabs forecast can help you get ready for the malware threats expected in 2010.

Courtesy of Panda – PandaLabs Forecast: 2010 Computer Threat Trends

  • Fake antivirus, bots and banker Trojans will continue to increase
  • Cyber-criminals will keep fine-tuning their social engineering skills to trick victims
  • More malware will be created for Windows 7 and Mac operating systems
  • The term ‘cyber war’ will become more familiar as politically-motivated attacks across the Internet increase

PandaLabs, Panda Security’s malware analysis and detection laboratory, has released its forecast of computer threat trends for 2010. PandaLabs predicts that in 2010, the amount of malware in circulation will continue to grow exponentially as it has in 2009.

As anti-malware technologies are able to respond closer to real-time through cloud-based innovations such as Panda’s Collective Intelligence, malware creators will respond by generating even more diverse threats to evade detection and elimination.

Once again malware will be designed almost exclusively for financial gain, and we can expect to see many new fake antivirus (rogueware), bots and banker Trojans.

Social Engineering Continues to Rise
Cyber-criminals will again be focusing on social engineering techniques to infect computers, particularly those targeting search engines (BlackHat SEO) and social networks, along with ‘drive-by-download’ infections from Web pages.

As the football World Cup takes place in South Africa, we can also expect to see significant amounts of malware related to this event: false ticket offers, junk mail, etc.  It is always a good idea to be suspicious of any messages related to current affairs and large events such as this.

In the case of social networks, there have already been many examples of worms and Trojans targeting Twitter and Facebook. Malware creators will continue to be drawn to these types of platforms that are used by millions of people.

Watch Out Windows 7
Windows 7 will have a major impact on malware development: where Windows Vista hardly caused a ripple, Windows 7 will make waves. One of the main reasons is the widespread market acceptance of this new operating system, and since practically every new computer comes loaded with Windows 7 64-bit, criminals will be busy adapting malware to the new environment. It may take time, but we expect to see a major shift towards this platform over the next two years.

Mobile Phone Attacks – Not Yet!
Several security companies have been warning for some time that malware is soon to affect cell phones in much the same way as it affects PCs. Well, we hate to rain on their parade, but 2010 will not be the year of malware for cell phones.

The PC is a homogenous platform, with 90 percent of the world’s computers running Windows on Intel, meaning that any new Trojan, or worm has a potential victim pool of 90 percent of the world’s computers. The mobile phone environment is much more heterogeneous, with numerous vendors using different hardware and different operating systems.

Applications continue to be incompatible from one operating system to another. Therefore it is unlikely that 2010 will see widespread targeting of cell phones by malware. In any event, this year will witness many changes in the world of mobile telephony with more smartphones offering practically the same features as a PC; the emergence of Google Phone – the first phone sold directly by Google without tying users to specific operators; the increasing popularity of Android, and of course the iPhone. If in the next couple of years there are only two or three popular platforms, and if people make significantly more financial transactions from their phones, then the potential breeding ground for cyber-crime will be significant enough to be concerned.

Mac Becoming Increasingly Attractive to Cyber-Criminals
Mac’s market share has increased in recent years. Although the number of users has yet to reach the critical mass required to make it as profitable as PCs for cyber-criminals, it is nevertheless becoming more attractive.

Mac is used just as PCs are to access social networks, email, and the Internet: the main malware distribution systems used by cyber-criminals. Consequently, Mac is no longer a safe haven against malware.

These criminals can easily distinguish whether a system is Mac, and they are creating malware designed especially to target this OS. In 2009 we have already seen some attacks, and predict there are more to come in 2010.

Cyber war
Throughout 2009, governments around the world, including the United States, the UK and Spain, have expressed concern about the potential for cyber-attacks to affect economies or critical infrastructure. We also saw this year how several Web pages in the United States and South Korea were the subject of attacks, with suspicion – as yet unapproved – pointing at North Korea. In 2010 we can expect to see similar politically-motivated attacks.

Securing the Cloud
Cloud-based services will continue to grow in popularity among consumers and business users alike. As this happens, the security industry must be acutely aware of cybercriminals’ moves to take advantage of this new platform.

Cloud Antivirus Technology on the Rise
2010 will be the year in which all anti-malware companies will innovate to remain competitive as cloud-based security becomes the most effective way to fight today’s malware.

In 2007, Panda Security launched its first product which took advantage of the cloud. Now in 2009, all the company’s products use it and we have launched the first 100 percent cloud-based free antivirus: Panda Cloud Antivirus (www.cloudantivirus.com), and Panda has noticed that the rest of the marketplace is beginning to follow suit.


Search Engine Results – Not to be Trusted!

It’s been more than a year since I last reported on fake search engine results, and in that time, this Internet scam has not gone away, but it did seem to develop a lower profile.

Despite developing this lower profile, cyber-crooks continued to be unrelenting in their chase to infect web search results. Recently, there has been a resurgence in the use of custom-built Websites designed to drop malicious code on computers, and in the manipulation of legitimate pages in order to infect computers with malware.

A new grouping of 200,000+ compromised sites has been discovered, all of them redirecting to fake security software. The following graphic (courtesy of Cyveillance Blog), shows an attack underway.

image

As is usual with this type of redirection, when a potential victim visits one of these sites the likelihood of the downloading of malicious code onto the computer, by exploiting existing vulnerabilities, is extremely high.

The following graphic (courtesy of Cyveillance Blog) illustrates the 260,000 sites they discovered that will redirect.

image

Redirection exploit process:

Generally, there are several ways that this can occur. Cyber-crooks can exploit vulnerabilities on the server hosting the web page to insert an iFrame, (an HTML element which makes it possible to embed another HTML document inside the main document). The iFrame can then activate the download of malicious code by exploiting additional vulnerabilities on the visiting machine.

Alternatively, a new web page can be built, with iFrames inserted, that can lead to malware downloads. This new web page appears to be legitimate.

Another method is the insertion of false dialogue boxes, fake toolbars, and more on sites; all designed to load destructive malware which could include rootkits, password stealers, Trojan horses, and spam bots.
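
A defender-side check for the iFrame injection described above, as an added example that is not part of the original article: it statically audits a page's HTML for iFrames that load from another host and are hidden from the visitor. The page URL, host names and sample HTML are constructed for illustration, and the trusted-host allowlist is an assumption.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Inline-style patterns that keep a frame out of the visitor's sight.
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none"
    r"|visibility\s*:\s*hidden"
    r"|(?<![\w-])(?:width|height)\s*:\s*0*[01](?:px)?\s*(?:;|$)"
    r"|(?:left|top)\s*:\s*-\d{3,}",
    re.IGNORECASE,
)
# width/height attribute values of 0 or 1 (optionally with "px").
TINY_DIMENSION = re.compile(r"\s*0*[01](?:px)?\s*")


class IframeAuditor(HTMLParser):
    """Collects iframes that are off-site and/or concealed."""

    def __init__(self, page_url, trusted_hosts=()):
        super().__init__(convert_charrefs=True)
        self.page_url = page_url
        self.page_host = (urlparse(page_url).hostname or "").lower()
        self.trusted = {h.lower() for h in trusted_hosts}
        self.findings = []

    @staticmethod
    def _tiny(value):
        return bool(value) and TINY_DIMENSION.fullmatch(value) is not None

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {name: (value or "") for name, value in attrs}
        # Resolve relative and protocol-relative sources against the page URL.
        src = urljoin(self.page_url, a.get("src", "").strip())
        host = (urlparse(src).hostname or "").lower()
        off_site = bool(host) and host != self.page_host and host not in self.trusted

        concealed = []
        if self._tiny(a.get("width")) or self._tiny(a.get("height")):
            concealed.append("zero or 1px dimensions")
        if HIDDEN_STYLE.search(a.get("style", "")):
            concealed.append("hidden by inline style")
        if "hidden" in a:
            concealed.append("hidden attribute")

        reasons = (["off-site source"] if off_site else []) + concealed
        if reasons:
            self.findings.append({
                "line": self.getpos()[0],
                "src": src,
                "reasons": reasons,
                # Off-site AND concealed is the injected-iframe pattern;
                # anything else is reported for manual review only.
                "suspicious": off_site and bool(concealed),
            })


def audit_html(html, page_url, trusted_hosts=()):
    """Return findings for every iframe in `html` that needs attention."""
    auditor = IframeAuditor(page_url, trusted_hosts)
    auditor.feed(html)
    auditor.close()
    return auditor.findings


# Constructed sample: two legitimate frames and two injected-looking ones.
PAGE_URL = "https://www.acme.example/index.html"
SAMPLE_PAGE = """\
<html><body>
<h1>Acme Widgets</h1>
<iframe src="/store/locator.html" width="600" height="400"></iframe>
<iframe src="https://video.example.org/embed/42" width="560" height="315"></iframe>
<iframe src="http://stats.example.net/in.php?id=7" width="1" height="1" frameborder="0"></iframe>
<iframe src="//cdn.example.net/c.html" style="visibility: hidden; position:absolute; left:-9999px"></iframe>
</body></html>
"""

if __name__ == "__main__":
    for f in audit_html(SAMPLE_PAGE, PAGE_URL, trusted_hosts={"video.example.org"}):
        label = "SUSPICIOUS" if f["suspicious"] else "review"
        print(f"line {f['line']}: [{label}] {f['src']} ({', '.join(f['reasons'])})")
```

A static scan like this only sees frames present in the served HTML; frames written into the page by script at load time need a rendered-DOM check instead.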

It’s often difficult to determine who the cybercriminals responsible for specific attacks of this type are, but not in this case. Researchers have concluded the infamous Koobface gang are responsible.

Regular readers are aware that we repeat the following advice regularly, but it’s worth repeating.

Keep all applications (including your operating system) patched.

Install an Internet Browser add-on that provides protection against questionable or unsafe websites. My personal favorite is WOT (Web of Trust), an Internet Explorer/Firefox add-on that offers substantial protection against questionable or unsafe websites.

Turn off your computer or disconnect from the network when not in use.

Disable Java, JavaScript, and ActiveX if possible.

Disable scripting features in email programs.

Make regular backups of critical data.

Make a boot disk in case your computer is damaged or compromised.

Turn off file and printer sharing on the computer.

Install a personal firewall on the computer.

Install anti-virus and anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet.

Ensure the anti-virus software scans all e-mail attachments.


Spammers Are Planning for the Holidays

Symantec’s October 2009 MessageLabs Intelligence Report shows how far ahead spammers plan in order to entrap the unwary web surfer. Just as you are preparing for the holidays, so are the cybercriminals. As the old saying goes, “forewarned is forearmed”, so be prepared.

Courtesy of MessageLabs:

October begins the holiday season and for the next three months, online shopping and research will become a premium for consumers.  Symantec today announced its October 2009 MessageLabs Intelligence Report which reveals that the spam gangs behind the biggest botnets – Cutwail, Rustock and Donbot – are using the same upcoming major holidays and world events as the themes for their latest spam runs.

Highlights from the latest report.

Halloween – Trick or treat?  Only 0.5% of spam right now is tied to Halloween – however MessageLabs Intelligence expects approximately 500 MILLION Halloween themed spam emails to be in circulation worldwide, each day, as the holiday approaches this week. The majority of this type of spam links to pharmaceutical or medical spam sites and comes from the Rustock and Donbot botnets.

Thanksgiving and Christmas – Spam from the Cutwail botnet uses both Thanksgiving and Christmas as a theme to sell replica watches. To date, holiday spam accounts for approximately 2% of all spam. More than 2 BILLION Thanksgiving or Christmas-themed spam emails are projected to be in circulation globally each day.

And spammers are even preparing for some of the next big holiday and major events in 2010 already.

Valentine’s Day – MessageLabs Intelligence has already started to see the first runs of St. Valentine’s Day spam, more than 4 months before the occasion. These are being sent from the Cutwail and Rustock botnets, and relate to pharmaceutical and medical spam.

2010 World Cup – Next summer’s soccer games in South Africa have already precipitated a small number of spam messages relating to the event. These are advance-fee fraud or 419-style scams, and they include images of Nelson Mandela and the official FIFA logo.

How successful are these scams? Consumers fall victim to messages like this all the time, fueling an underground economy worth an estimated $105 billion in profit from fraudulent activities.

“As is typical with spammers this time of year, we are seeing them try to capitalize on the holiday season,” said MessageLabs Intelligence Senior Analyst, Paul Wood. “Although they may be a bit overzealous, spamming is a numbers game and the spammers have certainly succeeded with volume thus far. Perhaps their early-bird approach is an attempt to compete with the other botnets and get in early to maximize their chances of success.”

You can read a full copy of the report here.


150 BILLION Daily Spams – Who’s Responsible?

Symantec’s latest MessageLabs Intelligence Report – unveiled today – describes in detail who’s responsible for such unprecedented levels of spam.

Over 150 BILLION unsolicited e-mail messages are being distributed by compromised computers every day, which means that botnets are responsible for approximately 88 percent of all spam out there today.

Recent closures of rogue Internet Service Providers McColo, PriceWert and Real Host have significantly hurt the two biggest botnets of 2009: Cutwail and Srizbi, which at their peak were each responsible for 45.6 percent and 50 percent of all global spam, respectively. Since then, Cutwail has been bumped to the third most powerful botnet and Srizbi has disappeared.

Here’s a look at how some of the newest botnets stack up:

Grum – the most active botnet, responsible for over 23 percent of global spam. Since June, Grum has increased its output per bot massively, pushing it to the top of the current “worst offenders”.

Bobax – has overtaken Cutwail as a top botnet, and is responsible for 15.7 percent of spam. Previously one of the smaller, less active botnets, Bobax has now quadrupled in size and its output per bot per minute is now the highest MessageLabs has ever seen.

Rustock – the largest botnet of all, with an estimated 1.3 to 1.9 million compromised computers in its control. Rustock has roughly doubled in size since June, but doesn’t have a high output. What sets this botnet apart from the rest is its highly automated cycle of spamming activity: spam from this botnet accelerates from 3am EST, peaks around 7am EST and dies down by 7pm EST.

Mega D – has been losing bots quite rapidly. It is now only one tenth the size it was in June. However, it’s now working its bots harder than ever, 2nd only to the output of Bobax in spam per bot per minute!

Maazben – meet the newest botnet, and one to watch in the future. Currently focused on sending out casino-spam, Maazben first appeared in May and has been growing the number of bots rapidly in recent weeks while keeping its output low.

What else can we expect from these powerful machines and how can businesses safeguard against their threats? You can find additional information on this and other online threats here.


Google – Get Off Your Collective Butts and Fix The Problem!

Internet security is a “sexy” business – one gets to work in the “dark side” of the Internet and is constantly challenged to stay ahead of the learning curve, develop new techniques, appliances and applications to protect Web sites, and attached devices and systems, from hackers, cyber-crooks, malware and while understated, terrorists.

Failure to protect the Internet, which by definition is an open network, has substantial penalties ranging from productivity decreases, infrastructure compromise, to a failure in consumer confidence and more. It’s this last one – a failure in consumer confidence that is the focus of this article.

In dealing with Internet security issues, I’m often frustratingly reminded of the “head in the sand syndrome” – if we ignore it, it will go away; if we ignore it, then it can’t be real; if we ignore it, it will get better, anon. It’s no surprise then that a substantial security issue, well known to Google, which has failed to come up with an effective solution, continues to plague the Internet.

Those of us who are involved in Internet security know, and have known for a considerable time, that cyber-crooks are unrelenting in their chase to infect web search results. We know that there has been a steady increase in the use of custom-built Websites designed to drop malicious code on computers, and in the manipulation of legitimate pages in order to infect computers with malware.

For example, until quite recently (less than 3 weeks ago), a user searching for the following string on Google “Microsoft Office 2002 download” would have encountered a Microsoft.com redirection link as the first result. That link had been redirecting visitors to a malicious web site, that then launched a malware attack which included an attempt to convince victims to download rogue security software. Microsoft has since fixed the problem.

Equally as disturbing, seventy nine percent of compromised web pages tracked in the last year were on legitimate web sites; including web sites belonging to Fortune 500 companies, government agencies and ironically, security vendors.

If one were to poll a group of typical Internet users as to the safety and reliability of search engine results, there is little doubt that the answer would be positive. Given that search engine results can be manipulated in the ways described above, and other ways, it is reasonable to ask the question – why aren’t typical Internet users aware of this situation?

Arguably, a case could be made that Google and others subscribe to the “head in the sand syndrome” – if we ignore it, it will go away; if we ignore it, then it can’t be real; if we ignore it, it will get better – since to acknowledge this issue, and to give it the focus it deserves, would erode consumer confidence in the product. Good corporate thinking, huh?

Here’s a sample of what Internet users are facing, posted on the Internet just today, January 16, 2009:

“I’m the owner of the site http://www.xxxxxx.net. When anyone searches Google for our firm, the first result looks like the link to our site. But when anyone clicks on that result they get redirected to an alarming site that tries to sell fake spam software. The hijack site takes control of the browser! This is happening when our potential clients search for us! Help! If I type the address directly into my browser then it works fine. I submitted a spam report to Google a couple of days ago, but nothing has changed yet”.

So how do the crooks do it?

Common techniques used by cyber-criminals include the manipulation of search engine results, and the seeding of fake Websites among the top results returned by these engines. When a potential victim visits one of these sites (as described above), the likelihood of the downloading of malicious code onto the computer, by exploiting existing vulnerabilities, is extremely high.

There are several ways that this can occur. Cyber-crooks can exploit vulnerabilities on the server hosting the web page to insert an iFrame, (an HTML element which makes it possible to embed another HTML document inside the main document). The iFrame can then activate the download of malicious code by exploiting additional vulnerabilities on the visiting machine.

Alternatively, a new web page can be built, with iFrames inserted, that can lead to malware downloads. This new web page appears to be legitimate.

An additional method, employed by cyber-crooks is the insertion of false dialogue boxes, fake toolbars, and more on sites; all designed to load destructive malware which could include rootkits, password stealers, Trojan horses, and spam bots.

So will Google address this issue? Sure, but only when malicious hackers finally force them to. Great business model Google!

Be proactive when it comes to your computer’s security; make sure you have adequate software based protection to reduce the chances that your machine will become infected.

Check out Need Free Security Programs? – 10 Of The Best! on this site.

Fake/Redirected Search Results – Consequences for You

I hate being victimized! Unfortunately, all of us who use the Internet can be victimized in ways that sometimes defy credibility. Ironically, even those of us who specialize in Internet security can be targeted by cyber-criminals.

Several weeks ago, one of my Blog sites was the target of redirected search engine results. Essentially, what had been happening is this – when a search was made by a web user which produced a result listing my site, and the user clicked on that link, in some circumstances, the user was redirected to a site, or page, controlled by a hijacker.

While this exploit didn’t impact me financially, since I don’t run ads on my sites, it was disappointing knowing that cyber-criminals were potentially benefiting economically from the results of my efforts. Very often, the purpose behind this type of attack is the hacker’s need to increase his site’s reputation on Google, and other search engines, by fraudulently increasing the site’s hits. This can lead to an increase in profits generated by that site.

The dangers to you:

Those of us who are involved in Internet security know – cyber-crooks are unrelenting in their chase to infect web search results. We know that there has been a steady increase in the use of custom-built Websites designed to drop malicious code on computers, and in the manipulation of legitimate pages in order to infect computers with malware.

Earlier today, I read on the Darkreading Website, a security site for IT professionals, “that hackers have launched a multi-faceted attack on the Website of the popular AARP organization, rerouting traffic from the seniors’ association to pornography sites”. A bit chancy, I would have thought.

Other common techniques used by these cyber-criminals include the manipulation of search engine results, and the seeding of Websites among the top results returned by these engines. When a potential victim visits one of these sites the likelihood of the downloading of malicious code onto the computer, by exploiting existing vulnerabilities, is extremely high.

There are several ways that this can occur. Cyber-crooks can exploit vulnerabilities on the server hosting the web page to insert an iFrame, (an HTML element which makes it possible to embed another HTML document inside the main document). The iFrame can then activate the download of malicious code by exploiting additional vulnerabilities on the visiting machine.

Alternatively, a new web page can be built, with iFrames inserted, that can lead to malware downloads. This new web page appears to be legitimate.

Another method is the insertion of false dialogue boxes, fake toolbars, and more on sites; all designed to load destructive malware which could include rootkits, password stealers, Trojan horses, and spam bots.

So what can you do to ensure you are protected, or to reduce the chances you will become a victim?

Keep all applications (including your operating system) patched.

Install an Internet Browser add-on that provides protection against questionable or unsafe websites. My personal favorite is WOT (Web of Trust), an Internet Explorer/Firefox add-on that offers substantial protection against questionable or unsafe websites.

Turn off your computer or disconnect from the network when not in use.

Disable Java, JavaScript, and ActiveX if possible.

Disable scripting features in email programs.

Make regular backups of critical data.

Make a boot disk in case your computer is damaged or compromised.

Turn off file and printer sharing on the computer.

Install a personal firewall on the computer.

Install anti-virus and anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet.

Ensure the anti-virus software scans all e-mail attachments.


Malware by Proxy – Fake Search Engine Results

For the past several months I’ve been watching closely, as the pace of Blog and Internet Forum debate has been escalating regarding fake search engines results and malware.

Recent news on this issue from Panda Security’s Oxygen 3 E-bulletin on IT security, indicates that Cyber-crooks are unrelenting in their chase to infect web search results. According to Panda “there is a steady increase in the use of custom-built websites designed to drop malicious code on computers, or even the manipulation of legitimate pages in order to infect users with malware.”

It was reported recently that fifteen thousand web pages were infected daily between January and March of this year; three times the rate of infection noted in the previous year. More disturbing, seventy nine percent of compromised web pages tracked this year were on legitimate web sites; including web sites belonging to Fortune 500 companies, government agencies and ironically, security vendors.

PandaLabs maintains that cyber-crooks have begun to opt for a new technique: the manipulation of search engine results, or seeding websites among the top results returned by these engines. When a potential victim visits one of these sites the likelihood of the downloading of malicious code onto the computer by exploiting existing vulnerabilities is high.

There are several ways that this can occur. Cyber-crooks can exploit vulnerabilities on the server hosting the web page to insert an iFrame, (an HTML element which makes it possible to embed another HTML document inside the main document). The iFrame can then activate the download of malicious code by exploiting additional vulnerabilities on the visiting machine.

Alternatively, a new web page can be built, with iFrames inserted, that can lead to malware downloads. This new web page appears to be legitimate.

Another method is the insertion of false dialogue boxes, fake toolbars, and more on sites; all designed to load destructive malware which could include rootkits, password stealers, Trojan horses, and spam bots.

So what can you do to ensure you are protected, or to reduce the chances you will become a victim?

As I have pointed out in the past, the following are actions you can take to shield your computer system from malware infections:

  • Install an Internet Browser add-on such as WOT which provides detailed test results on a site’s safety; protecting you from security threats including spyware, adware, spam, viruses, browser exploits, and online scams.
  • Don’t open unknown email attachments
  • Don’t run programs of unknown origin
  • Disable hidden filename extensions
  • Keep all applications (including your operating system) patched
  • Turn off your computer or disconnect from the network when not in use
  • Disable Java, JavaScript, and ActiveX if possible
  • Disable scripting features in email programs
  • Make regular backups of critical data
  • Make a boot disk in case your computer is damaged or compromised
  • Turn off file and printer sharing on the computer
  • Install a personal firewall on the computer
  • Install anti-virus and anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet
  • Ensure the anti-virus software scans all e-mail attachments

Be proactive when it comes to your computer’s security; make sure you have adequate software based protection to reduce the chances that your machine will become infected.

The free software listed below, in my view, provides better than average malware protection.

avast! 4 Home Edition

This anti-virus app is a real fighter, scanning files on demand and on access, including email attachments. It lets you know when it detects malware through its shield function. An important feature is a boot-time scan option which removes malware that can’t be removed any other way.

Ad-Aware 2007

In my view, Ad-Aware 2007 Free is the best free spyware and adware remover available. It does a relatively good job of protecting against known data-mining, Trojans, dialers, malware, browser hijackers and tracking components. The only downside with the free version: real-time protection is not included.

ThreatFire 3

ThreatFire 3 blocks malware, including zero-day threats, by analyzing program behavior, and it does a stellar job. Again, this is one of the security applications that forms part of my front line defenses. I have found it to have a high success rate at blocking malware based on analysis of behavior. I highly recommend this one!

Comodo Firewall Pro

The definitive free firewall, Comodo Firewall protects your system by defeating hackers and restricting unauthorized programs from accessing the Internet. I have been using this application for 6 months and I continue to feel very secure. It resists being forcibly terminated and it works as well, or better, than any firewall I’ve paid for. This is one I highly recommend. Amazing that it’s free!

WinPatrol

Do you want to get a better understanding of what programs are being added to your computer? Then WinPatrol is the program for you. With WinPatrol, in your system tray, you can monitor system areas that are often changed by malicious programs. You can monitor your startup programs and services, cookies and current tasks. Should you need to, WinPatrol allows you to terminate processes and enable, or disable, startup programs. There are additional features that make WinPatrol a very powerful addition to your security applications.

Sandboxie

Surfing the Internet without using Sandboxie is, to me, like jumping out of an airplane without a parachute. Deadly! This application creates a “Sandboxed” protected environment on your machine within which you browse the net. Data that is written to your hard drive is simply eliminated, (or not, your choice), when the sandbox is closed. Utilizing this application allows you to surf the web without the risk of infecting your system with mal-ware or other nasties. This is another security application I have been using for over 6 months and it has yet to let me down. Highly recommended.

Snoop Free Privacy Shield

Snoop Free Privacy Shield is a powerful application that guards your keyboard, screen and open windows from all spy software. I have been using this application for quite some time, and I have been amazed at the number of programs that have requested access to my keyboard and screen; particularly, programs that I am in the process of installing. If you’re serious about privacy, this is a must have addition to your security toolbox.


Fake/Redirected Search Engine Results = Malware


For the past several months I’ve been watching closely, as more and more Blog discussions have been taking place around the topic of search engine results and malware.

Recent news on this issue from Panda Security’s Oxygen 3 E-bulletin on IT security, indicates that Cyber-crooks are unrelenting in their chase to infect web search results. According to Panda “there is a steady increase in the use of custom-built websites designed to drop malicious code on computers, or even the manipulation of legitimate pages in order to infect users with malware.”

PandaLabs maintains that cyber-crooks have begun to opt for a new technique: the manipulation of search engine results, or seeding websites among the top results returned by these engines. When a potential victim visits one of these sites, there is a high likelihood that malicious code will be downloaded onto the computer by exploiting existing vulnerabilities.

There are several ways that this can occur. Cyber-crooks can exploit vulnerabilities on the server hosting the web page to insert an iFrame, (an HTML element which makes it possible to embed another HTML document inside the main document). The iFrame can then activate the download of malicious code by exploiting additional vulnerabilities on the visiting machine.

Alternatively, a new web page can be built, with iFrames inserted, that can lead to malware downloads. This new web page appears to be legitimate.

Another method is the insertion of false dialogue boxes, fake toolbars, and more on sites; all designed to load destructive malware which could include rootkits, password stealers, Trojan horses, and spam bots.

For more information on this, and other threats, check out Spyware Sucks, a great Blog that will keep you up to date on the latest risks to your online safety.

So what can you do to ensure you are protected, or to reduce the chances you will become a victim?

As I have pointed out in the past on this Blog, the following are actions you can take to protect your computer system:

• Don’t open unknown email attachments

• Don’t run programs of unknown origin

• Disable hidden filename extensions

• Keep all applications (including your operating system) patched

• Turn off your computer or disconnect from the network when not in use

• Disable Java, JavaScript, and ActiveX if possible

• Disable scripting features in email programs

• Make regular backups of critical data

• Make a boot disk in case your computer is damaged or compromised

• Turn off file and printer sharing on the computer.

• Install a personal firewall on the computer.

• Install anti-virus and anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet.

• Ensure the anti-virus software scans all e-mail attachments.

Be proactive when it comes to your computer’s security; make sure you have adequate software based protection to reduce the chances that your machine will become infected.

The free software listed below, in my view, provides better than average malware protection.

avast! 4 Home Edition

www.avast.com

This anti-virus app is a real fighter, scanning files on demand and on access, including email attachments. It lets you know when it detects malware through its shield function. An important feature is a boot-time scan option which removes malware that can’t be removed any other way.

AVG Anti-Virus Free Edition

www.free.grisoft.com

Similarly, this program scans files on access, on demand, and on schedule. It scans email, both incoming and outgoing. For those on Vista, you’re in luck; it’s Vista-ready. I have been using this application since its release and it now forms part of my front line defenses. I recommend this one highly.

Ad-Aware 2007

www.lavasoftusa.com

In my view, Ad-Aware 2007 Free is the best free spyware and adware remover available. It does a relatively good job of protecting against known data-mining, Trojans, dialers, malware, browser hijackers and tracking components. The only downside with the free version: real-time protection is not included.

ThreatFire 3

www.threatfire.com

ThreatFire 3 blocks malware, including zero-day threats, by analyzing program behavior, and it does a stellar job. Again, this is one of the security applications that forms part of my front line defenses. I have found it to have a high success rate at blocking malware based on analysis of behavior. I highly recommend this one!

Comodo Firewall Pro

www.comodogroup.com

The definitive free firewall, Comodo Firewall protects your system by defeating hackers and restricting unauthorized programs from accessing the Internet. I have been using this application for 6 months and I continue to feel very secure. It resists being forcibly terminated and it works as well, or better, than any firewall I’ve paid for. This is one I highly recommend. Amazing that it’s free!

WinPatrol

www.winpatrol.com

Do you want to get a better understanding of what programs are being added to your computer? Then WinPatrol is the program for you. With WinPatrol, in your system tray, you can monitor system areas that are often changed by malicious programs. You can monitor your startup programs and services, cookies and current tasks. Should you need to, WinPatrol allows you to terminate processes and enable, or disable, startup programs. There are additional features that make WinPatrol a very powerful addition to your security applications.

Sandboxie

www.sandboxie.com

Surfing the Internet without using Sandboxie is, to me, like jumping out of an airplane without a parachute. Deadly! This application creates a “Sandboxed” protected environment on your machine within which you browse the net. Data that is written to your hard drive is simply eliminated, (or not, your choice), when the sandbox is closed. Utilizing this application allows you to surf the web without the risk of infecting your system with mal-ware or other nasties. This is another security application I have been using for over 6 months and it has yet to let me down. Highly recommended.

Snoop Free Privacy Shield

www.snoopfree.com

Snoop Free Privacy Shield is a powerful application that guards your keyboard, screen and open windows from all spy software. I have been using this application for quite some time, and I have been amazed at the number of programs that have requested access to my keyboard and screen; particularly, programs that I am in the process of installing. If you’re serious about privacy, this is a must have addition to your security toolbox.
