Help | Contact | Forum | Affiliates | Press
Purchase
Download
Features
Screenshots
Demo
'Tis the season for making merry. Or in some cases making mischief, especially on the Web. Whether you're shopping online or just checking your personal e-mail, don't get financially fooled this holiday season. "In this economy, when we're all trying to get the most bang for our buck, we're letting down our guard," said Parry Aftab, a privacy attorney and the new family Internet safety adviser for McAfee Inc., a computer security firm. The hectic holidays, when people are hurrying and hunting for bargains, are especially ripe for online ripoffs, experts say.
We all know that spammers will do what ever it takes to find a way to send their advertisements and scams to potential victims. Spammers are circumventing methods services like Gmail, HotMail, andYahoo (NSDQ: YHOO)! use to stop automated spam to the point that even legitmate users of these services are unwitting victims anti-spam. Larry Seltzer at eWeek posted a blog Spammers Sidestep SMTP about what happens when spammers start using free web based like Gmail, HotMail, and Yahoo! mail systems to send spam. Seltzer suggests new tests need to be developed to check for "humaness" or perhaps a change in how email is sent and received are potential solutions. I got a call on Sunday from an InformationWeek visitor about a problem he is experiencing with forwarding spam email to spam@uce.gov, the Federal Trade Commissions email account for reporting spam and phishing. Ironically, he was also blocked by TechWeb’s anti-spam gateway for a bad reputation, hence the phone call. I asked him to forward me the email to my web account and guess where it ended up? If you guessed my spam folder, you would be right. There are a couple of things going on that makes sending and receiving legitimate email bothersome. Public mail services like Gmail, Yahoo! and Hotmail to filter outbound email for potential spam sent from bogus accounts. That is a reasonable and a responsible action to take. But as we know with any anti-spam system, sometimes legitimate email gets caught in the mix; even email that is being sent to the an authorized spam reporting drop box like spam@uce.gov.
The year 2008 has seen another record of explosive growth in the amount of malicious software (malware) on the Internet, according to F-Secure. F-Secure protects consumers and businesses against computer viruses and other threats from the Internet and mobile networks. The company's detection count tripled in one year, or rather, the total amount of malware accumulated over the previous 21 years increased by 200 percent in the course of just one year. The security firm released these findings in its End of Year Data Security Wrap-up for 2008. Internet crime is now more prevalent and more professional than ever before, said the company. F-Secure believes that the obvious inefficiency of the international and national authorities in catching, prosecuting and sentencing Internet criminals is a problem that needs to be solved. Mikko Hyppönen, F-Secure's chief research officer has called for the establishment of 'Internetpol' to tackle online crime.
A special agent in the FBI's Cyber Division offered the following tips to protect your computer from intrusion: * Keep Your Firewall Turned On: A firewall helps protect your computer from hackers who might try to gain access to crash it, delete information, or even steal passwords or other sensitive information. Software firewalls are widely recommended for single computers. The software is prepackaged on some operating systems or can be purchased for individual computers. For multiple networked computers, hardware routers typically provide firewall protection. * Install or Update Your Antivirus Software: Antivirus software is designed to prevent malicious software programs from embedding on your computer. If it detects malicious code, like a virus or a worm, it works to disarm or remove it. Viruses can infect computers without users' knowledge. Most types of antivirus software can be set up to update automatically. * Install or Update Your Antispyware Technology: Spyware is just what it sounds like—software that is surreptitiously installed on your computer to let others peer into your activities on the computer. Some spyware collects information about you without your consent or produces unwanted pop-up ads on your web browser. Some operating systems offer free spyware protection, and inexpensive software is readily available for download on the Internet or at your local computer store. Be wary of ads on the Internet offering downloadable antispyware—in some cases these products may be fake and may actually contain spyware or other malicious code. It's like buying groceries—shop where you trust.
SAN FRANCISCO — Internet security is broken, and nobody seems to know quite how to fix it. Despite the efforts of the computer security industry and a half-decade struggle by Microsoft to protect its Windows operating system, malicious software is spreading faster than ever. The so-called malware surreptitiously takes over a PC and then uses that computer to spread more malware to other machines exponentially. Computer scientists and security researchers acknowledge they cannot get ahead of the onslaught. As more business and social life has moved onto the Web, criminals thriving on an underground economy of credit card thefts, bank fraud and other scams rob computer users of an estimated $100 billion a year, according to a conservative estimate by the Organization for Security and Cooperation in Europe. A Russian company that sells fake antivirus software that actually takes over a computer pays its illicit distributors as much as $5 million a year. With vast resources from stolen credit card and other financial information, the cyberattackers are handily winning a technology arms race.
MessageLabs said in its Annual Security Report that a number of new cyber-crime trends had taken shape, among them more targeted attacks and a greater focus on web services and social networks. Among the major trends was a surge in web-based attacks. Reports of sites being used to spread malware jumped by 83 per cent over the year, a figure largely attributed to an increase in SQL injection attacks over the summer. Social networking sites and web-based applications were also a popular target this year. MessageLabs saw major increases in attacks as criminals adopted the use of fake profile pages or phony video sites to infect new users. The company expects this trend to continue into 2009. "In 2008 the threats targeting social networking environments became very real," said MessageLabs chief security analyst Mark Sunner.
“Facebook finally hits the mainstream,” a CNET post proclaims today. A report from industry watcher O’Reilly Radar finds that US growth for the site has been strongest among users aged 26-59. It comes as no surprise, then, that as the site’s reach expands, that attempts to exploit it should also. This morning I awoke to an email warning of a malicious message circulating among Facebook friends. Turns out I wasn’t alone. The Journal of New England Technology reports: “Look you were filmed all naked!” read the subject header on one iteration of the virus-spreading message, which is being sent automatically from infected accounts to the “friend” list for that account. Clicking the link usually takes users to a page that looks like YouTube, and a pop-up message advises the user to download a Flash plug-in. The download contains the virus, which replicates by contacting everyone on the victim’s Facebook friend list and advancing the hoax. The “Koobface” worm was first discovered in the middle of this year, and can open back doors that can install other software. The resulting round of “Sorry, I was hacked – don’t click that link I sent you” emails are time consuming and embarrassing, and efforts to get back a compromised account can be difficult, and sometimes futile. The tactic isn’t an old one on the Web, but it is finding resurgence in Facebook as more users join the site.
Researchers at BitDefender have discovered a new type of malicious software that collects passwords for banking sites but targets only Firefox users. The malware, which BitDefender dubbed "Trojan.PWS.ChromeInject.A" sits in Firefox's add-ons folder, said Viorel Canja, the head of BitDefender's lab. The malware runs when Firefox is started. The malware uses JavaScript to identify more than 100 financial and money transfer Web sites, including Barclays, Wachovia, Bank of America, and PayPal along with two dozen or so Italian and Spanish banks. When it recognizes a Web site, it will collect logins and passwords, forwarding that information to a server in Russia. Firefox has been continually gaining market share against main competitor Internet Explorer since its debut four years ago, which may be one reason why malware authors are looking for new avenues to infect computers, Canja said.
Hackers on Tuesday hijacked the Web site CheckFree.com, one of the largest online bill payment companies, redirecting an unknown number of visitors to a Web address that tried to install malicious software on visitors' computers, the company said today. The attack, first reported by The Register, a security news Web site, began in the early morning hours of Dec. 2, when Checkfree's home page and the customer login page were redirected to a server in the Ukraine. CheckFree spokeswoman Melanie Tolley said users who visited the sites during the attack would have been redirected to a blank page that tried to install malware. Tolley added that CheckFree regained control over its site by 5 a.m. on Dec. 2. The company said it was still having the malware analyzed by experts. "The degree of exposure to users is dependent on how current their anti-virus software is and what browser they used to connect with," Tolley said, adding that the company will release more information about the attack as it becomes available.
As New Year’s resolutions go, here’s one we should all take seriously - to make a stand against online viruses, spyware and other digital demons. Do it mostly to protect yourself but also as a courtesy to all who come in contact with your computer. Computer viruses are no different from the organic variety, in that they depend on others to spread and move around. So when your PC becomes infected, thanks to improper safeguards, you become an unwitting collaborator to the hackers who originally dispersed it. The threat is so serious that the day might come when it’s illegal to go online without minimal viral protection. Doing so might be interpreted as deliberately aiding and abetting hackers. In a perfect world, Internet service providers would be legally required to provide online threat protection for all clients. When you think about it, letting customers surf unprotected is akin to automakers selling vehicles with optional bumpers, seat belts and air bags. It makes sense to provide this service as part of the total package.
