Help | Contact | Forum | Affiliates | Press
Purchase
Download
Features
Screenshots
Demo
CSO - The Federal Communications Commission (FCC) is asking for help in developing a "Cybersecurity Roadmap," an ambitious plan to identify dangerous vulnerabilities in the Internet infrastructure, as well as threats to consumers, businesses and governments. The one piece of advice I will offer the commission is to begin measuring the responsiveness of Internet service providers (ISPs) and hosting companies in quashing malicious threats that take up residence on their networks. This is an imperative first step to prevent attacks on the Internet infrastructure, in addition to making the Internet a friendlier place for users. Also see Krebs' Botnets: The Democratization of Espionage The FCC said that it is seeking comments on how to proceed with the roadmap, which is part of the commission's National Broadband Plan to roll high-speed Internet services to more Americans. The commission made the request at almost the same time as the Pew Research Center's Internet & American Life Project issued its finding that more than half of Americans disagree with federal efforts to expand broadband deployment, an effort for which the Obama administration has allocated more than $7 billion. The Pew report came as the FCC was releasing data showing that most Americans who are paying for high-speed access aren't getting anywhere near the Internet speeds they've been promised. Here's my proposal: Instead of spending billions to squeeze even more people onto already overloaded high-speed lines, the commission should spend its resources trying to improve the security, privacy and satisfaction of people already using these networks.
BEIJING — China began requiring identification on Wednesday from anyone purchasing a new mobile phone number in what it says is a bid to stamp out rampant junk messages but that some say gives the government a new tool for monitoring its citizens. The rules apply to everyone, including foreigners visiting China for a short stay, the China Daily newspaper reported. The paper said the regulation was "the latest campaign by the government to curb the global scourge of spam, pornographic messages and fraud on cellular phones." Low-cost mobile phone SIM cards are readily available in China, offered for sale at convenience stores, newspaper stands and at airport kiosks. Users could previously buy cards anonymously with cash and use them right away, a system that has made it difficult to track down spammers. The China Daily said that mobile users in China receive an average of 43 text messages a week, including 12 that are spam. The ID requirement is raising new privacy concerns and will likely upset some customers unwilling to give personal information to vendors and telecom companies for fear it will be resold, said Duncan Clark, managing director of BDA China Ltd., a technology market research firm. Wang Songlian, research coordinator with the Hong Kong-based Chinese Human Rights Defenders, said the new requirement fits a pattern of tightening government control over new communication technologies.
A botnet responsible for a significant amount of spam has been crippled but may reconstitute itself in a matter of weeks, according to vendor M86 Security. The Pushdo or Cutwail network of hacked computers ranked in the top five or so botnets for spam, responsible for as much as 10 percent of all spam, said Ed Rowley, product manager for M86 Security. The spam often advertises fake software, so-called designer goods and questionable pharmaceutical products. But security analysts with the computer security company LastLine took action last week, contacting ISPs that were hosting the command-and-control infrastructure for the botnet. About 30 servers at eight hosting providers were found to be supporting Pushdo. LastLine contacted the ISPs, and about 20 of the servers were taken offline, according to itsblog. Some ISPs, however, were unresponsive. Spam levels have dropped, Rowley said. LastLine's action "will almost certainly have a positive effect for two to three weeks," Rowley said. But "the spammers will be able to find other hosting providers where they will be able to get their systems up and running." LastLine appears to have taken down parts of Pushdo and Cutwail, which work together, wrote Atif Mushtaq of FireEye's Malware Intelligence Lab, in a blog post. Pushdo is a Trojan. Once it infects a computer, it often downloads Cutwail, a piece of malware capable of spamming as well as downloading other bad programs.
Forget the firewall. About 25% of malware today is designed to spread via USB storage devices that connect directly to PCs. The number comes from Panda Security, which recently surveyed 10,470 small and midsize companies -- those having up to 1,000 computers -- in 20 countries. Roughly half said that their organization had been infected by malware at least once in the previous year, and in the United States, 27% said the origin was a USB device. "Much of the malware in circulation has been designed to distribute through these devices," said Luis Corrons, technical director of PandaLabs. "Not only does it copy itself to these gadgets, but it also runs automatically when a USB device is connected to a computer, infecting the system practically transparently to the user. This has been the case with many infections we have seen this year, such as the distribution of the Mariposa and Vodafone botnets." Comparatively speaking, Panda found that 21% of malware originated via email and 14% from downloads or peer-to-peer networks. Infection-wise, the report also found that in the United States, the number of organizations reporting a malware infection over the past year increased slightly from 2009 to 2010, from 44% to 46%. In Europe in the same timeframe, however, infections declined from 58% to 49%. Viruses are still the most seen type of malware, accounting for an average of 45% of the malicious code that makes its way inside the network. Spyware, meanwhile, accounts for 23%. According to the report, however, 13% of small and midsize businesses don't have any security systems in place, with 57% of them saying their organization didn't regard security as a priority. For companies with security in place, they overwhelmingly (97%) do use antivirus software, with about one-third using free antivirus software aimed at home users. Personal firewalls are also quite popular, while anti-spam technology is not.
The Rustock mega-botnet appears to have ditched the experimental use of TLS (transport layer security) to obscure its activity, Symantec has reported. Rustock's use of TLS is now averages between 0.1 and 0.2 percent of all spam, peaking at 0.5 percent, a tiny fraction of the levels seen in March when it reached averages of around 25 percent with a peak of as much as 77 percent. The key moment was on April 20, when the volume of spam featuring the tactic suddenly plunged to sub-one percent levels after an equally sudden rise in rates in the weeks prior to that date. TLS adds a small but cumulative overhead to server email processing, which ties up mail servers but also affects the rate at which spam is sent. Why Rustock's controllers adopted the technique at all was never clear but might have been connected to a misplaced belief that it would make it harder for servers to filters its activity or detect the command and control system used to direct its activity. "It would seem that the botnet controllers, especially those behind Rustock, have perhaps realised that the use of TLS gave them little or no discernable benefits, and instead impeded their sending capacity owing to the additional bandwidth and processing overhead needed for TLS," reckons the August 2010 MessageLabs Intelligence Report.
If you've ever wondered who the heck is sending all that unwanted e-mail clogging your inbox, well, it's likely that 2 out of every 5 spam messages you receive are the handiwork of the same group of criminals. According to a report from Symantec's MessageLabs, 41 percent of all spam comes from a single botnet known as Rustock. Rustock has 1.3 million infected computers under its control, which represents a decrease from April, when the botnet was 2.5 million computers strong. Botnets are networks of infected computers that hackers compromise through malicious software. Criminals commonly use them to bombard in-boxes with all kinds of spam or make computers or websites crash under a barrage of traffic. By the end of July, botnets were responsible for 95 percent of all spam, the report said. Spam represented 92 percent of all e-mail traffic in the world this month, a 3.3 percent increase from July. MessageLabs also found that 1 out of every 328 messages carried a virus and 1 out of every 363 was a phishing attack (a type of lure that tries to get you to surrender personal or financial information).
Facebook and Twitter users are complaining about their accounts being compromised and then being used to spam friends with suspicious "free iPad offers." Twitterwarned users of the scam, Wednesday, saying that it was resetting passwords of affected users. "If you've received a message promising you a new iPad, not only is there no iPad, but also your friends have been hacked," Twitter said The scam is also hitting Facebook users to, according to company spokesman Simon Axten. "It's affecting an extremely small percentage of people on Facebook, but we take all threats seriously," he said via e-mail. Gerome Stevens discovered that his Twitter account had been used to direct message contacts late Wednesday. He's not sure how the scammers got into his account, but they sent direct messages to his friends, that said, "u have to check out this website its glitchin right now and sending out ipads to everyone for free!" He said the messages continued, even after he'd changed his password. The messages his friends received contained a link to better-gifts.net. That Web site asks for personal information, and then directs the user to a variety of promotional offers from legitimate companies such as Netfilx, the Doubleday Book Club, and Columbia House DVD.
Facebook on Friday afternoon was investigating what appeared to be a new spam scheme that results in users getting messages from friends over Facebook chat that have malicious links. The messages say "LOL is this you?" and are accompanied by a link that looks like it leads to a video on Facebook, one victim told CNET. In his case, clicking the link directed to a Web page with a "404-Page Not Found" error message and his account sent the spam out to at least one of his friends, he said. The spam was also reported on Twitter, but at this point the outbreak seems to be minor. A Facebook spokesman said the company is looking into the matter. The spam message is similar to ones used in several phishing attacks on Twitter in February.
Google has fixed an issue with Gmail that caused a small percentage of its accounts to repeatedly send email messages over and over. The bug, which affected less than 2.5 percent of the Gmail userbase, according to Google, involved odd behavior including the repeated messages. The bug was resolved Thursday night, according to Google's Google Apps dashboard. "The problem with Google Mail should be resolved," Google's tech support staff wrote. "We apologize for the inconvenience and thank you for your patience and continued support. Please rest assured that system reliability is a top priority at Google, and we are making continuous improvements to make our systems better." The bug affected at least two writers for PCMag.com, who initially dismissed thoughts of a bug, suspecting that their PCs may have become infected with malware. The repeated messages also resulted in several Gmail users being added to spam lists, including www.Backscatterer.org and www.SORBS.net, according to WgtnDan, a user who posted to the Google Gmail support thread describing the problem. MrEvan, a poster described as a Google employee, also added his own apologies. "Thank you again for the patience you have shown, and sincerest apologies for the inconvenience this has caused you," he wrote. "I too have friends and professional contacts and absolutely understand the value of those relationships and how it could be very frustrating to have bothered some of those folks unintentionally. While I can't take the messages back with some sort of magical Undo Send, I totally sympathize with your situation. Please understand that the Gmail Team has worked tirelessly to investigate this issue and get it solved for you. Your reports were very helpful in our investigation."
Symantec says there is a new spam campaign making the rounds that features features a credential-stealing Trojan hidden in attachments with innocuous subject titles, such as "First Birthday Invitation," "Resume & Coverletter Feedback," "Your reservation is confirmed- Ref. 00338/058758." However, once clicked on, they could end up stealing users' banking and other personal information, reports eSecurity Planet. According to Symantec's security advisory, the Trojan.Zbot arrives as a zip attachment in an email that purports to contain a legitimate attachment, such as a birthday invitation, photos, or resume ... This Trojan has primarily been designed to steal confidential information, such as online credentials or banking details, but it can be customized to gather any sort of information from the compromised machine. As always, users are warned not to click on any attachments of unsolicited e-mails.
