Spam levels for Q2 2009 averaged 88.7 percent compared with 74.5 percent for Q1 2009, according to the June 2009 MessageLabs Intelligence Report from security vendor Symantec. The global ratio of spam was 90.4 percent in June, reflecting no change since May.
Spam from networks of compromised PCs, known as botnets, accounted for 83.2 percent of all spam in June. One of the largest botnets, Cutwail (also known as Pushdo), had resumed spamming just hours after the shutdown of the botnet's command-and-control server Pricewert/3FN by the Federal Trade Commission.
"Cutwail's recovery to one-third of its original levels, after only a few hours, highlights the progress spammers have made since the McColo shutdown in November," said Paul Wood, MessageLabs Intelligence Senior Analyst. "Spammers have learned the importance of having a backup for command and control channels."
The report also identified a rise in the threat of malicious links in instant messages, to 1 in 78 IMs containing links, an increase of 0.78 percent over the past six months. At the current rate, 1 in 80 IM users may expect to receive a malicious instant message each month.
MessageLabs Intelligence said a growing number of threats target the healthcare sector. Email-borne malware attacks targeting the healthcare sector have more than doubled since the start of 2009.
Monthly Archives: June 2009
New spam tactic: Spam profiles on social networks
Filed under Security News
Tagged as blog, Google, Jason Morrison, Joomla, Moodle, new spam tactic, phpBB, social networking, spam, vBulletin
Spammers have been creating profiles on social networking sites to attract unsuspecting users through spam friend requests and messages, according to Google researcher Jason Morrison, writing on the Google webmaster blog.
Some fake profiles include popular pharmaceuticals as the profile name, but savvier spammers have begun to use real names and realistic data to fly under the radar and populate the network with bad links.
"To make sure their newly-minted gibberish profile shows up in searches they will also generate links on hacked sites, comment spam and yes, other spam profiles," Morrison said on the blog. "This results in a lot of bad content on your domain, unwanted incoming links from spam sites and annoyed users."
Morrison warned that spammers can exploit bulletin boards and content management systems such as vBulletin, phpBB, Moodle and Joomla that generate member pages for every user that creates an account.
Webmasters can cut down on spammers exploiting their websites through anti-spam features such as CAPTCHAs and user reporting of suspect profiles.
Facebook, under attack from spammers using hijacked accounts, filed a lawsuit in February against notorious "spam king" Sanford Wallace, claiming they violated CAN-SPAM, and won a restraining order in March banning them from the site.
Hackers hijack Britney Spears’ TwitPic account
Filed under Security News
Tagged as Britney Spears, Facebook, hacked, hackers, hijack, spam, TwitPic, Twitter, viruses
Hackers broke into the TwitPic accounts of Britney Spears, Ellen DeGeneres and other celebrities to broadcast bogus information, the Associated Press reported.
The hacked accounts were discovered Sunday after TwitPic, the largest service for posting photographs to the micro-blogging site Twitter, noticed phony messages, including one that said Spears had died.
TwitPic, which is not owned by or affiliated with Twitter, said on its Twitter feed that the company had "implemented a fix for the email posting vulnerability."
Hackers have increasingly hijacked user accounts on Facebook and Twitter to spread viruses and spam and to phish other users' account information.
Web security experts say phishing attacks on social networking sites are up to 10 times more effective than those sent via email.
A recent survey found that 30 percent of users of social networks had been subject to cyberattacks. Many users leave themselves open to attacks by publishing personal information that could be used for identity theft.
Among younger users, 51 percent use the same password on multiple sites and two-thirds share personal information that may compromise online privacy, the survey found.
FTC settles with rogue antivirus vendor ByteHosting
Filed under Security News
Tagged as antivirus, ByteHosting, DriveCleaner, ErrorSafe, Federal Trade Commission, FTC, judgment, Reno, settlement, settles, WinAntivirus, WinFixer
The Federal Trade Commission last week settled its case against ByteHosting, an alleged vendor of phony antivirus software known as scareware. The FTC said the defendants tricked more than 1 million people into buying fake antivirus products.
In its judgment of nearly $1.9 million against James Reno and ByteHosting Internet Services, FTC agreed to reduce the amount to $116,000 due to the defendants' inability to pay. FTC said the full judgment represented the gross revenues realized from the alleged scam.
FTC said Reno and ByteHosting were part of a massive deceptive advertising scheme that tricked consumers into buying rogue web security products, including WinFixer, WinAntivirus, DriveCleaner, ErrorSafe and XP Antivirus.
The scheme allegedly relied on deceptive advertisements featuring bogus computer scans that falsely claimed to detect viruses, spyware and illegal pornography on consumers' computers.
Reno and ByteHosting are prohibited from using deceptive scareware advertising tactics and from installing malicious programs on consumers' computers. The settlement also permanently bars Reno and ByteHosting from ever again doing business with their co-defendants.
Microsoft said earlier this month that infections by scareware spiked dramatically worldwide in the second half of 2008.
Green Dam web filter still vulnerable to exploits
Filed under Security News
Tagged as botnet, China, exploits, Green Dam, malware, security flaws, vulnerable, web filter
Green Dam Youth Escort, the web filtering software China is requiring PC-makers to preinstall on all new machines sold in the country starting July 1, is still vulnerable to exploits that web security experts warn could lead to the creation of a botnet for spreading malware.
China's government insists that the software is necessary for blocking access to pornographic content, but researchers using the software said it also blocks political content and tracks online activity.
Earlier this month, security researchers from the University of Michigan identified two security flaws that could have allowed remote parties to execute arbitrary code and take control of the computer, which the software maker has since patched.
But the researchers said last week they had discovered another security hole in the latest version that a maliciously crafted website could exploit to take control of the computer. It took them only an hour to find the bug, they said.
The researchers wrote that making Green Dam safe from exploits will require substantial changes and careful retesting.
"It is unlikely that the required changes can be completed before China's July 1 deadline for mandatory distribution of Green Dam with new PCs," they wrote.
Another security researcher has posted attack code, which has been circulating in the wild for a week, to the Milw0rm website, according to CNET News.
Iranian hackers hijack University of Oregon network
Filed under Security News
Tagged as Cyber Secure Institute, hackers, hijack, Iran, iranian, network, Obama, Rob Housman, University of Oregon
Hackers sympathetic to Iran's ruling regime hijacked the University of Oregon website on Wednesday to redirect visitors to a site that said the regime "never cheated" in the disputed June 12 election.
The Associated Press reported that visitors to the university's web system during a 90-minute window Wednesday were taken to an 89-word pro-Iranian message that warned President Obama to stay out of Iranian affairs.
The hackers used the university's network to send the message to AP and others. The message addressed the president as "Hey Stupid Fly Catcher Obama!"
Diane Saunders, spokeswoman for the university, told AP that the hackers were able to gain control of the site through third-party software that had not been updated. Saunders said the computers of visitors to the site were not compromised.
Rob Housman, executive director of the Cyber Secure Institute, a research and advocacy firm, said the hack highlighted how the United States is engaged in a "low-level conflict" across cyberspace.
Housman said it reveals the extent to which U.S. network security is inadequate.
"[C]onsider the damage possible if the attackers weren't less sophisticated Iranian protestors but the Chinese military's cyber-special-forces or the legions of Russian cyber-irregulars," he said.
Spammers exploit Michael Jackson’s death
The death of pop icon Michael Jackson on Thursday is already being exploited by cybercriminals sending spam emails with subject lines and messages related to the news, IT security firm Sophos said.
In these messages, the spammer claims to have "vital informations" about the death of "Michael Jackson's" to share with recipients of the email. The body of the email does not contain any call-to-action links, but a spammer can easily harvest recipients' email addresses via a free live email address if computer users reply to the spam message.
This type of breaking news story that spurs widespread popular interest is the perfect vehicle for spammers to snare vulnerable computer users, said Graham Cluley, senior technology consultant at Sophos.
Cluley said the firm has also seen spam piggy-backing on the news of Farrah Fawcett's death to spread fake antivirus software.
"The fact is that cybercriminals have no respect for taste and decency," Cluley said. "The only thing they are interested in is making some money for themselves."
In March, the sudden death of British actress Natasha Richardson inspired a wave of malicious search-optimized websites for spreading rogue antivirus products.
Stolen Cornell laptop contained 45,000 SSNs
Filed under Security News
Tagged as Cornell University, laptop, Polley A. McClure, social security numbers, SSN, stolen
Cornell University on Tuesday acknowledged that a university-owned computer stolen in early June contained the names and Social Security numbers of approximately 45,000 current and former staff and students and some dependents, leaving them vulnerable to identity theft.
The Cornell Daily Sun reported Wednesday that a member of the Cornell IT staff left the laptop in a physically unsecure environment, which violates university policy. New York state police have begun an investigation into the theft and told the paper the employee was not a suspect.
The university said it has begun sending emails and letters to the individuals whose information was on the computer. They will be offered one year of free credit monitoring and identity restoration services.
"In response to incidents of theft like this one and the increasing number of internet-enabled computer attacks, the university is continually enhancing its systems and practices," Polley A. McClure, vice president for information technologies, said in the letter.
Last June, a university computer was hacked, leading Cornell to warn 2,500 students and alumni that their personal information had potentially been stolen, the Daily Sun reported.
Google urged to adopt default data encryption for Gmail
A letter to Google CEO Eric Schmidt last week signed by 37 web security experts urged the company to enable encryption by default for the users of Gmail, Google Docs and Google Calendar.
Google already uses Hypertext Transfer Protocol Secure (HTTPS) encryption technology to protect customers' login information, which is available as an option for users of Google's webmail and other cloud-based services.
However, encryption is not enabled by default to protect data sent by users of Google Mail, Docs or Calendar. As a result, the security experts said, Google customers who use a public connection such as open wireless networks "face a very real risk of data theft and snooping."
Alma Whitten, from Google's security and privacy teams, responded on the Google public policy blog that the company is planning a trial in which it will move small samples of different types of Gmail users to HTTPS "to see what their experience is and whether it affects the performance of their email."
The group Consumer Watchdog said Google should be praised for agreeing to offer improved security but asked why the company waited so long to act.
The group is calling on other online companies like Yahoo, Microsoft, Facebook and MySpace to offer the same protection.
Security worries, spam dog mobile finance
Two-thirds of mobile device users say they are concerned about security, preventing many users from adopting mobile services such as banking or shopping, according to a new Harris Interactive poll commissioned by Cloudmark.
Mobile spam, including phishing attacks seeking personal information, was also shown to be impacting about 44 percent of mobile device owners.
"The prevalence of spam will only continue to rise as financial gain for spammers continues to increase," said Jamie de Guerre, CTO of Cloudmark. "For new services to succeed, it will be imperative for mobile operators to assure their customers of a secure environment for transactions and to ensure that mobile spam does not impact the delivery of legitimate messages."
Nearly half (46 percent) of those who said they were concerned about the IT security of their devices said their worries prevented them from conducting activities on their mobile device. The most impacted service is mobile transactions such as paying bills.
The survey found that 79 percent of mobile device owners have never sent or received confidential information of any kind through their device, Cloudmark said.
Wireless users in the US received more than 1.1 million spam text messages in 2007, a 38 percent increase from 2006, according to Senator Olympia Snowe, who is sponsoring legislation called the m-Spam Act to strengthen anti-spam enforcement.