SpamBully News
http://www.spambully.com/news/
Copyright 2010 Axaware
Tue, 09 Mar 10 04:00:55 -0800

Webmasters Beware: The Other Kind Of Spam
http://www.spambully.com/news/blog/story/937/Webmasters_Beware:_The_Other_Kind_Of_Spam/

Got an email address? You're getting spam. Your mail provider might be doing a good job of screening you from it, but spam on the Internet is as common as Botox at the Oscars! Unfortunately email spam isn't the only spam variety. There's also link spam.

Unless you run a website you might not know about link spam. It's a way for blackhat webmasters to pump up the value of their sites and it all relates back to how search engines work.

Not only do search engines check the content of websites, they also check to see who trusts or depends on those websites. That's shown by links. So, for instance, if you own a website and link back to AppScout (we are forever grateful) you are bestowing a little of your goodness on us. That's how Google, Yahoo!, Bing and the others interpret your largess.

But if you run a site that's not trustworthy and no one in their right mind would ever link to you, how can you still achieve search engine greatness? One way is to game the system with link spam. We see it in our comments here on AppScout all the time though we work hard at policing against it.

"Great post. That's really well thought out," is typical of comment spam. The content of the comment is meaningless. The commenter is really trying to get his/her URL listed alongside the comment. If he does--Bingo!
News Mon, 08 Mar 10 20:00:55 -0800

California Man Accused Of Trying To Extort NY Life Insurance
http://www.spambully.com/news/blog/story/936/California_Man_Accused_Of_Trying_To_Extort_NY_Life_Insurance/

NEW YORK (Dow Jones)--A California man has been charged with trying to extort nearly 200,000 from New York Life Insurance Co. by threatening to send six million disparaging spam email messages about the company.

Anthony Digati, 52 years old, of Chino, Calif., has been charged with one count of extortion through interstate communications. He faces up to two years in prison on the charge.

It was revealed in a court appearance in California on Monday that his alleged target was New York Life. The company's name wasn't initially disclosed when the case was unsealed on Monday.

Digati was arrested in California on Saturday. Bail was set at 50,000 at a hearing in federal court in California on Monday. As a condition of his bail, Digati is prohibited from engaging in Internet use regarding New York Life.

Calls to Digati and his lawyer weren't immediately returned Monday.

"After Mr. Digati contacted the company with his threats, we conducted a thorough investigation and determined the best course of action was to turn this over to the FBI for their assessment," a New York Life spokesman said. The company has no further comment, he said.

Prosecutors from the U.S. Attorney's office in Manhattan alleged that Digati, on Feb. 22, contacted more than a dozen employees and executives of the insurer and one director by email, telling them to visit a Web site he had created.

"I'm sorry it had to come to this, but I guess you won't listen to what customers' concerns are," Digati allegedly said in the email, according to prosecutors. "You enjoy ripping policyholders off with obscure products bought because of the trust you have established over 160 years."
"You enjoy misleading the public and I will make it my purpose in life to educate them."

News Mon, 08 Mar 10 19:59:10 -0800

Anthony Digati arrested for allegedly threatening New York Life with email spam attack
http://www.spambully.com/news/blog/story/935/Anthony_Digati_arrested_for_allegedly_threatening_New_York_Life_with_email_spam_attack/

A California man who felt like his insurance company was cheating him has been arrested for threatening to launch a spam email attack against the company.

Anthony Digati, 52, was arrested over the weekend and charged with extortion, federal prosecutors in Manhattan announced Monday.

Digati had sunk almost 50,000 into a variable life insurance policy sold by New York Life and wanted a fourfold return.

When the firm didn't comply, he allegedly threatened to send out 6 million emails critical of the company - which prosecutors say is extortion.

"As you have denied my claim I can only respond in this way," Digati wrote in an e-mail sent last month to dozens of the company's employees, according to a criminal complaint in Manhattan Federal Court.

"You no longer have a choice in the matter, unless of course you want me to continue with this outlined plan. I have nothing to lose, you have everything to lose."

"Of course it is spam, I hired a spam service, I could care less, The damage will be done," Digati allegedly crowed.

News Mon, 08 Mar 10 19:57:22 -0800

Energizer Duo software suffers backdoor Trojan bother
http://www.spambully.com/news/blog/story/934/Energizer_Duo_software_suffers_backdoor_Trojan_bother/

A Trojan backdoor found its way into Energizer Duo USB battery charger software downloads.

Malware bundled in a charger-monitoring software download package opens up a back door on compromised Windows PCs.
The contaminated file is automatically downloaded from the manufacturer's website during the installation process, not bundled with an installation CD.

Symantec warns that a file called Arucer.dll, which it identifies as Trojan-Arugizer, that is installed on compromised systems is capable of all manner of mischief. This includes sending files to the remote attacker or downloading other strains of malware, as instructed via commands on a back channel controlled by hackers.

It's unclear how long the potentially malicious file has been offered up for public download or how many have been infected, as a write-up on the threat by Symantec explains.

In a statement, Energizer acknowledged the problem and discontinued sale of the affected device, the Duo Charger Model CHUSB. The battery maker has also launched an investigation into how backdoor functionality found its way into its software.

News Sun, 07 Mar 10 22:01:06 -0800

Qualys to scan Web sites for malware
http://www.spambully.com/news/blog/story/933/Qualys_to_scan_Web_sites_for_malware/

Qualys is set to launch on Monday a free service for Web site operators that will scan their sites for malware.

As part of the service, QualysGuard Malware Detection crawls the pages of customer sites and looks for invisible iFrames, malicious JavaScript code, and other indications of a stealth threat to visitors and provides automated alerts and reports to Web site owners.

The company has profiled Internet Explorer 6 and Adobe's Acrobat, Reader, and Flash Player to understand exactly what happens under normal conditions so it can quickly detect deviations that occur when malware is present, said Wolfgang Kandek, chief technology officer at Qualys.

Profiles and testing on additional apps will be forthcoming, he said.
"We think those apps are what attackers typically have in their sights right now, but we will not stop there," he said.

Google spinoff Dasient offers a free service that alerts Web sites when they appear on malware blacklists and a paid service that detects and quarantines malware on sites.

News Thu, 04 Mar 10 20:18:14 -0800

McAfee Says Hackers Sought Companies' 'Crown Jewels' (Update2)
http://www.spambully.com/news/blog/story/932/McAfee_Says_Hackers_Sought_Companies’_‘Crown_Jewels’_Update2/

March 3 (Bloomberg) -- McAfee Inc., exploring the cyber attacks originating from China, discovered at least six incidents in which hackers broke into the computer systems that companies use to house valuable intellectual property.

"We know that these systems were absolutely targeted for the crown jewels of each organization -- potentially representing billions of dollars," George Kurtz, McAfee's chief technology officer, said today in an interview from Santa Clara, California. "We want to shed light on a problem that many didn't realize."

Many companies hold source codes, product formulas and other kinds of intellectual property in software configuration management systems, said McAfee, the second-largest maker of security software. Companies typically set up these systems to support collaboration and version control, and they assume network security will keep their internal systems safe.

Google Inc., the world's most-popular search engine, said in January that it found evidence of sophisticated cyber attacks originating from China. Hackers went after at least 20 companies, Google said at the time.

Those attacks are being investigated by U.S. government agencies, local law enforcement and security experts such as McAfee and larger rival Symantec Corp. McAfee Chief Executive Officer Dave DeWalt said this week that his company was the first to notice the hacks.
News Wed, 03 Mar 10 21:47:42 -0800

McAfee: Source code is easy target within corporations
http://www.spambully.com/news/blog/story/931/McAfee:_Source_code_is_easy_target_within_corporations/

SAN FRANCISCO--The type of software corporations use to house source code that criminals targeted in the recent attacks on Google and others is generally weak in security protection, McAfee researchers said on Wednesday.

McAfee analyzed a commonly used software for housing intellectual property called Perforce and released its findings during a session at the RSA security conference here. The company helped in the discovery that a hole in Internet Explorer 6 was exploited in at least some of the recent attacks on U.S. firms and named the attacks Operation Aurora after the malware used.

Now the security company is turning its attention to looking at what attackers would be capable of doing once they are inside an organization.

When Google disclosed the targeted attack on its network in mid-January, it said intellectual property was stolen. Gmail users who are human rights activists were also targeted in attacks and Google said the attacks appeared to originate in China and that it would stop censoring its Web results there and possibly exit the market entirely.

Meanwhile, sources said at least 30 other companies were targeted in attacks in which intellectual property was at risk. Adobe and Intel have publicly disclosed that they were targeted in attacks last year, although it is unclear whether they are part of the attacks that targeted Google.

Stuart McClure, general manager risk compliance at McAfee, said he could not say whether Perforce was used at the companies McAfee knows were attacked.
News Wed, 03 Mar 10 21:45:42 -0800

The Latest BlackBerry Spyware Scare: Don't Worry, Yet
http://www.spambully.com/news/blog/story/930/The_Latest_BlackBerry_Spyware_Scare:_Dont_Worry_Yet/

02-08 12:07 PST -- Here we go again. Another BlackBerry security scare, in which some noble researcher explains to all of us blissfully-unaware BlackBerry users that our precious devices aren't nearly as safe as we think they are.

Lions, tigers, mobile spyware. Oh my.

This time it's security-software-maker Veracode decrying the BlackBerry's weaknesses. More specifically, Tyler Shields, a senior researcher with Veracode Research Lab, has put together and publicly released some proof-of-concept spyware code, dubbed TSXBBSpy, that can reportedly wipe a BlackBerry clean, distribute on-board data via e-mail and monitor voice-mail messages in real-time.

Why would Shields release the source code for such an app? Well, to show the world how easy it is to write of course.

Sounds frightening, right? Well, yes and no. First of all, such malicious software really isn't new. We've seen similar spyware emerge over the past couple of years with the growing popularity of the BlackBerry platform among RIM's traditional enterprise customer-base and in the massive consumer ranks.

The most recent example that comes to mind is PhoneSnoop, which could turn your BlackBerry into a remote listening device. This app could indeed record your phone calls and send them to a third-party, but you not only had to install the suspicious app, but also grant it permission to your phone activity. As my friend, colleague and security-pro Ariel Silverstone put it in his blog post on the subject:

"It took over ten years for such a hack as the listening software to be available. And it is not even a hack."
"It is no more a hack than a user being asked, in bold letters, to perform five steps to install spyware software on their pc...If someone does all of this they should be reminded how to buckle their belts on every airliner they board, and they indeed do not deserve a berry."

Ariel's point: Sure, software exists that can hack into your BlackBerry and potentially perform all sorts of nefarious deeds. But the security safeguards built into RIM's BlackBerry OS make it extremely difficult for miscreants to do so without the approval, and often assistance, of the BlackBerry user.

News Wed, 03 Mar 10 21:43:38 -0800

Spamhaus DNS Blacklist IDs Spam Domains
http://www.spambully.com/news/blog/story/929/Spamhaus_DNS_Blacklist_IDs_Spam_Domains/

Spamhaus, long famous for IP address-based databases of spammers and other abusers, has come out with a domain name blacklist.

The DBL (Domain Block List) is a list of domains found in spam messages, both in the body and the from/to addresses, as well as phishing, fraud/419 or domains sending or hosting malware/viruses. A database query will eventually (this isn't working yet) specify if the blocked domain is a spam, phish or malware domain.

Mail servers and other spam filters can then examine e-mails and block them if they wish. A blog server could also use it to filter blog spam. Spamhaus doesn't check the destination of shortened URLs like tinyurl, so it can't filter them. The onus for this is on the shortening services.

Obviously legitimate URLs can be found in spam messages, for instance if the message is falsely sent from a gmail.com address or if the spam links to an address on a legitimate site.
Spamhaus says that the list is managed as a zero false-positive list, but they aren't specific about the checks they perform.

As with their other services, Spamhaus sells access to the list either on a per-entry query basis or as an Rsync service to synchronize the whole database.

News Wed, 03 Mar 10 21:40:50 -0800

Botnets cause surge in February spam
http://www.spambully.com/news/blog/story/928/Botnets_cause_surge_in_February_spam/

Spam now accounts for close to 90 percent of all e-mail worldwide due to a surge in February, according to Symantec.

Two botnets named Grum and Rustock helped push spam levels up 5.5 percent in February over the prior month, according to the security firm's report (PDF). After doing business as usual over the past year, Grum suddenly sprang to life in February, increasing the amount of spam it generated by 51 percent. As a result, the botnet is now to blame for 26 percent of all global spam.

Rustock also surged last month, pushing up global spam levels by 25 percent on February 17 to the highest level for the entire month. The rise of both botnets was traced to activity related to Canadian pharmaceutical spam, Symantec said. One of the hottest scams on the Internet, pharmaceutical spam now is responsible for 65 percent of all worldwide spam.

"Whether the spammers are trying to clear this spam run more quickly or have discovered that it is successful, they have certainly been using multiple botnets to distribute high-volume spam campaigns in February," Symantec MessageLabs Intelligence senior analyst Paul Wood said Monday in a statement. "The activities of this single spam operation have been driving recent global surges in spam rates and strongly impacting global spam levels in turn. Based on these latest spam patterns, we can predict additional surges in spam in the coming weeks."
News Wed, 03 Mar 10 21:39:34 -0800

Microsoft Battles Cyber Criminals
http://www.spambully.com/news/blog/story/927/Microsoft_Battles_Cyber_Criminals/

Microsoft Corp. launched a novel legal assault to take down a global network of PCs suspected of spreading spam and harmful computer code, adding what the company believes could become a potent weapon in the battle against cyber criminals.

But security experts say it isn't yet clear how effective Microsoft's approach will be, while online rights groups warn that the activities of innocent computer users could be inadvertently disrupted.

On Monday, a federal judge in Alexandria, Va., granted Microsoft's request for an order to deactivate hundreds of Internet addresses that the company linked to an army of tens of thousands of PCs around the globe, infected with computer code that allows them to be harnessed to spread spam, malicious virus programs and mount mass attacks to disable Web sites.

The court order was issued under seal -- a rare move in civil cases of this nature -- to allow the company to secretly sever communications channels among the computers before the network's operators could re-establish contact with the machines.

Microsoft's move is the latest escalation in a continuing battle against cyber crime, whose perpetrators have proved adept at using the Internet and an array of technical tools to evade law enforcement. Electronic nuisances like spam have become potent tools for profit by professional hackers, tricking PC users into passing on harmful software and disclosing credit-card numbers, passwords and other valuable personal information.
News Sun, 28 Feb 10 22:34:18 -0800

Social Media Release: Symantec Announces February 2010 MessageLabs Intelligence Report
http://www.spambully.com/news/blog/story/926/Social_Media_Release:_Symantec_Announces_February_2010_MessageLabs_Intelligence_Report/

Symantec Corp. (NASDAQ: SYMC) today announced the publication of its February 2010 MessageLabs Intelligence Report. Analysis reveals a surge in spam levels in February to 89.4 percent, an increase of 5.5 percent since January mostly due to an increase in spam emanating from the Grum and Rustock botnets. Over the past year, Grum has experienced relatively little change in spam volumes, but from February 5, Grum's output increased by 51 percent making it responsible for 26 percent of all spam, up from its usual 17 percent. Another significant spike in spam volumes occurred on February 17, when global spam volumes increased by 25 percent pushing spam volumes to their highest for the month. The spike was caused by an increase in output from the Rustock botnet. According to MessageLabs Intelligence, both spikes in activity were related to a Canadian pharmacy-style spam run. Pharmaceutical spam now accounts for 65 percent of all spam.

"Whether the spammers are trying to clear this spam run more quickly or have discovered that it is successful, they have certainly been using multiple botnets to distribute high-volume spam campaigns in February," said MessageLabs Intelligence Senior Analyst, Paul Wood. "The activities of this single spam operation have been driving recent global surges in spam rates and strongly impacting global spam levels in turn. Based on these latest spam patterns, we can predict additional surges in spam in the coming weeks."

While spam volumes grew in February, the size of spam messages simultaneously shrank as did the number of spam emails containing attachments.
Over the past year, the number of attachments diminished from 10 percent in April 2009 to less than 1 percent in February 2010. The average file size of a spam email has fallen from 5 Kb in October 2009 to 3.3 Kb in February 2010.

"Rather than attach images to emails directly," Wood said, "spammers are choosing to host the image online with a free image hosting service thus reducing the average file size of a spam email and enabling the botnets to send a greater volume of spam per minute."

News Sun, 28 Feb 10 22:32:07 -0800

With an unusual legal move, Microsoft disrupts rampant spam botnet Waledac
http://www.spambully.com/news/blog/story/925/With_an_unusual_legal_move_Microsoft_disrupts_rampant_spam_botnet_Waledac/

Internally at Microsoft, it was known as Operation b49 -- months of investigation into the origins of Waledac, an Internet spam bot that has infected hundreds of thousands of people's computers around the world.

Waledac is believed to be managed by numerous black-market criminals, who have engineered the bot to broadcast potentially 1.5 billion spam e-mails a day.

Many of those criminals have Internet domains such as discountfreesms.com that run the Waledac bot. So Microsoft, in an attempt to decapitate the botnet, filed a lawsuit (PDF) Monday in U.S. District Court for the Eastern District of Virginia against 27 John Doe criminals and sought a temporary restraining order on 273 domains.

The domain-level tactic had never before been applied to disrupt a botnet, a Microsoft spokesperson said. The same day, Judge Leonie M. Brinkema granted the restraining order (PDF) and Microsoft got to work blocking Internet access to those criminals without their knowledge.
News Thu, 25 Feb 10 10:36:56 -0800

Court Order Helps Microsoft Tear Down Waledac Botnet
http://www.spambully.com/news/blog/story/924/Court_Order_Helps_Microsoft_Tear_Down_Waledac_Botnet/

With the help of a U.S. federal judge, Microsoft has struck a blow against one of the Internet's worst sources of spam: the notorious Waledac botnet.

Microsoft said late Wednesday that it had been granted a court order that will cut off 277 .com domains associated with the botnet. This will effectively knock the brains of Waledac off the Internet, by removing the command-and-control servers that criminals use to send commands to hundreds of thousands of infected machines.

Thought to be used by Eastern European spammers, Waledac has been a major source of computer infections and spam over the past year. Microsoft believes the botnet can send over 1.5 billion spam messages daily.

In a lawsuit against the unknown spammers behind Waledac, filed Monday with the U.S. District Court of Eastern Virginia, Microsoft argues that Verisign, which manages the .com domain, is a choke-point for the botnet. The court has apparently ordered Verisign to remove the botnet's command-and-control domains from the Internet.

"This action has quickly and effectively cut off traffic to Waledac at the .com or domain registry level, severing the connection between the command and control centers of the botnet and most of its thousands of zombie computers around the world," Microsoft said in its blog post announcing the effort.
News Wed, 24 Feb 10 22:15:49 -0800

MS uses court order to take out Waledac botnet
http://www.spambully.com/news/blog/story/923/MS_uses_court_order_to_take_out_Waledac_botnet/

Microsoft has won a court-issued take-down order against scores of domains associated with controlling the spam-spewing Waledac botnet.

The software giant's order allows the temporary cut-off of traffic to 277 Internet domains that form command and control nodes for the network of compromised machines. Infected zombie machines are programmed to regularly poll these control points for instructions and spam templates.

The .com domains, registered in China, will be sin-binned by VeriSign, at least temporarily decapitating the network. Microsoft estimates that Waledac was one of the 10 largest botnets in the US and a major distributor of spam for online unlicensed pharmacies, knock-off goods and other tat, as explained in a blog posting by its legal team here.

Waledac is estimated to have infected hundreds of thousands of computers around the world and, prior to this action, was believed to have the capacity to send over 1.5 billion spam emails per day. In a recent analysis, Microsoft found that between December 3-21, 2009, approximately 651 million spam emails attributable to Waledac were directed to Hotmail accounts alone, including offers and scams related to online pharmacies, imitation goods, jobs, penny stocks and more.

The Microsoft lawsuit also accuses 27 as-yet-unnamed defendants of cybercrime offences associated with the Waledac botnet.
News Wed, 24 Feb 10 22:13:49 -0800

Hackers could turn your iPhone into spy phone
http://www.spambully.com/news/blog/story/922/Hackers_could_turn_your_iPhone_into_spy_phone/

The handsets could be hijacked using malware as they steadily become as advanced as computers, say experts.

Software known as a rootkit could let hackers turn on tracking GPS, drain the battery or even send confidential data, all without the owner's knowledge.

Rootkits are a well-known kind of malware that mask their own existence on the computer, and can be installed via e-mails that trick users into opening attachments.

"Smartphones are essentially becoming regular computers," said Vinod Ganapathy at Rutgers University in New Jersey. "They run the same class of operating systems as desktop and laptop computers, so they are just as vulnerable to attack."

"What we're doing today is raising a warning flag," said fellow researcher Liviu Iftode. "We're showing that people with general computer proficiency can create rootkit malware for smartphones. The next step is to work on defences," he added.

However, it is much harder to slip rootkits into smartphones, which tend to have strict rules on non-approved code being installed, say security experts.

"The mobile phone malware threat is growing but it's a tiny raindrop in a thunderstorm compared to regular attacks that strike Windows computers," said Graham Cluley of security company Sophos.

News Tue, 23 Feb 10 21:12:50 -0800

Twitter Averaging 50 Million Tweets Per Day
http://www.spambully.com/news/blog/story/921/Twitter_Averaging_50_Million_Tweets_Per_Day/

What a difference a year makes.
Twitter is now fielding 50 million Tweets every day, Kevin Weil, the analytics lead at the micro-blogging site, said in a Monday blog post.

People are now tweeting an average of 600 tweets per second, Weil said.

In 2007, Twitter had only 5,000 Tweets per day, a number that jumped to 300,000 in 2008 and 2.5 million in 2009. Throughout last year, however, the average number of Tweets jumped 1,400 percent to 35 million each day.

Weil said the numbers do not include Tweets from accounts identified as spam.

"Tweet deliveries are a much higher number because once created, tweets must be delivered to multiple followers," Weil wrote. "Then there's search and so many other ways to measure and understand growth across this information network. Tweets per day is just one number to think about. We'll make time to share more information so please stay tuned."

News Tue, 23 Feb 10 21:09:27 -0800

How to apologize after spreading spam
http://www.spambully.com/news/blog/story/920/How_to_apologize_after_spreading_spam/

Love may mean never having to say you're sorry, but not so with certain vicious kinds of spam that can lead to compromised online accounts, especially on social networking sites like Twitter and Facebook, where more and more of us are congregating these days.

After many years of an unbroken record of not biting on spam, viruses or phishing attempts, I was taken. I'm not proud to admit it, but there it is. Over the weekend, a direct message, or DM on Twitter from a work colleague caught my attention: "LOL is this you?" with a link to click on.

What was he referring to? Something I'd written? A photo that shouldn't be online, but was? I couldn't imagine what it might be, but an irrational fear of something humiliating and the fact it was sent on a weekend propelled me to click on the link.
And now, I truly am humiliated, apologizing to several people who are connected to me on Twitter who got the same bogus message, but from me just like I got it from the work colleague who inadvertently clicked on the link.

News Tue, 23 Feb 10 21:07:42 -0800

Chuck Norris botnet doesn't infect routers......it stares them down until they infect themselves
http://www.spambully.com/news/blog/story/919/Chuck_Norris_botnet_doesnt_infect_routers......it_stares_them_down_until_they_infect_themselves/

A so-called Chuck Norris botnet is hijacking poorly-configured routers and DSL modems.

According to ComputerWorld, the botnet spreads by malware that installs itself on routers and modems by guessing the default administrative password and seizing control due to many devices being configured to allow remote access.

Masaryk University's Institute of Computer Science in Brno, Czech Republic named the malware and its botnet after the American tough-guy actor and internet meme because of a comment in its source code that reads: "in nome di Chuck Norris." For those who don't parlate Italiano, that means "in the name of Chuck Norris."

Norris is best known for his martial arts prowess and round-house-kicking acumen in films like The Way of the Dragon. He is also cited as the reason that Wally is hiding and noted for playing Russian Roulette with a fully-loaded pistol and winning.

The Chuck Norris malware takes control of MIPS-based devices running the Linux operating system by launching a password-guessing dictionary and can change the DNS settings in a router. Once a router has fallen victim to Norris, the device will redirect a user to a malicious webpage that attempts to install a virus.

News Mon, 22 Feb 10 21:08:47 -0800

St. Thomas blocks access to Star Tribune site over malware concern
http://www.spambully.com/news/blog/story/918/St._Thomas_blocks_access_to_Star_Tribune_site_over_malware_concern/

The University of St. Thomas temporarily blocked access to the Star Tribune Web site today after getting complaints that the site was infecting campus computers with a fake pop-up ad.

The malware planted a pop-up ad for a company called Antivirus Soft on the infected machine that told the user his computer had been infected with a virus and should click on it to run a scan.

The click takes you to a fake antivirus software Web site that really is a ruse to steal credit card information, said Jennifer Haas, director of client services for the university's Information Resources and Technology office.

The pop-up ad cannot be turned off and jams the person's computer, Haas said.

Haas said her office warns students and staff to never provide their passwords or financial information to online solicitations.

The Star Tribune said it removed all ad networks from its site Monday morning after the university informed it of the malware.

"All advertising networks will be required to... complete a check of every ad they run, and to verify that they are not running this ad, before we allow it them to run on our site," the Star Tribune said on its Web site.

St. Thomas said it restored access to the newspaper's Web site around 2 p.m. The university has nearly 11,000 students.

News Mon, 22 Feb 10 21:06:27 -0800

Feds Close to Uncovering Who Launched Attacks on Google
http://www.spambully.com/news/blog/story/917/Feds_Close_to_Uncovering_Who_Launched_Attacks_on_Google/

U.S. government analysts think they know who wrote a key part of a spyware program used in hacker attacks on Google in China last year.
According to a report in the Financial Times, authorities have linked some code used in the spyware program to a Chinese man with government links. The Financial Times reported on Monday that the man is a security consultant who posted sections of the program to a hacking forum. From there it was uploaded by someone else who created the program. Authorities still have not pinpointed who actually launched the attack; however, they have traced it to computers at two Chinese universities, which may have been used as part of a botnet.
News Mon, 22 Feb 10 21:04:26 -0800 http://www.spambully.com/news/blog/story/917/Feds_Close_to_Uncovering_Who_Launched_Attacks_on_Google/

Malware crashed systems during Windows security updates
http://www.spambully.com/news/blog/story/916/Malware_crashed_systems_during_Windows_security_updates/
Windows systems that crashed during the latest Microsoft security update last week did so because they were infected with a rootkit program that made changes to the operating system kernel, Microsoft said late on Wednesday. "The restarts are the result of modifications the Alureon rootkit makes to Windows Kernel binaries, which places these systems in an unstable state," Mike Reavey, director of the Microsoft Security Response Center, wrote in a blog post. "In every investigated incident, we have not found quality issues with security update MS10-015." The patch addresses a vulnerability in the 32-bit Windows kernel that could allow elevation of privilege that was disclosed last month. The Win32/Alureon family of malware can modify DNS settings, hijack searches, and fraudulently click on ads, Microsoft said in a post on its Malware Protection Center Blog.
Last year, versions appeared that infect the miniport driver associated with the hard disk of the operating system, the post says. Microsoft will not offer the patch through Automatic Update for 32-bit Windows systems until a solution is available, but 64-bit versions will be offered. Anyone believed to have been affected by the Alureon rootkit can visit https://consumersecuritysupport.microsoft.com. Those in the United States can contact Customer Service and Support at no charge using the PC Safety hotline at 1-866-727-2338 (PCSAFETY). Those outside the United States can find local contact numbers at http://support.microsoft.com/international.
News Mon, 22 Feb 10 03:54:31 -0800 http://www.spambully.com/news/blog/story/916/Malware_crashed_systems_during_Windows_security_updates/

Twitter ‘LOL’ Phishing Attack Turns Into Spam Wave
http://www.spambully.com/news/blog/story/915/Twitter_‘LOL’_Phishing_Attack_Turns_Into_Spam_Wave/
Yesterday we wrote about a new phishing attack on Twitter, which lured unsuspecting users into giving away their Twitter credentials. The compromised accounts were then used to spread the attack further via direct messages containing text such as lol, is this you, Lol. this is me??, lol , this is funny etc. IT security firm Sophos now has detailed info on the attacks and a video describing them, which we've embedded below. After the first attack wave, however, the phishers are now using the compromised accounts to send out spam, which resulted in a huge amount of Viagra-related messages on Twitter, which read something similar to this: "Get bigger and have sex longer. go here," followed by an address that leads to a sexual enhancement site. Once again, if you see unusual messages similar to the examples above sent from your Twitter account, it may mean it has been compromised, and you should change your Twitter password immediately.
News Mon, 22 Feb 10 03:52:58 -0800 http://www.spambully.com/news/blog/story/915/Twitter_‘LOL’_Phishing_Attack_Turns_Into_Spam_Wave/

Spam, shortened URLs, and software vulnerabilities highlight latest security threat report
http://www.spambully.com/news/blog/story/914/Spam_shortened_URLs_and_software_vulnerabilities_highlight_latest_security_threat_report/
Rebounding spam traffic, increased use of shortened URLs to deliver malicious payloads, and continued vulnerabilities among some of the most popular software applications were among the most serious security threats over the last six months of 2009, according to data from M86 Security. The report from M86 declares 2009 will be remembered as the year that spam came back with a vengeance. Indeed, according to M86's stats, spam reached an estimated 200 billion messages per day in 2009, with five botnets producing 78% of these messages, and the top nine churning out nearly 90% of spam. The volume of malicious spam hovered around the 600 million messages per day mark for the first half of 2009, but shot up to nearly 3 billion per day over the final six months of the year. M86 credits the fall of the McColo network as the primary reason for the decrease at the end of 2008, stretching into the first half of 2009. But, as its data show, it did not take long for spam volume to return to pre-McColo levels. "At the time we compiled our report, both the Mega-D and Lethic botnets were taken over/taken down by security professionals," said Bradley Anstis, VP of technical strategy for M86 Security. "But like a Romero zombie, it appears there is a bit of life left in these networks. As recent as this week, we've observed that both Mega-D and Lethic have risen from the dead," Anstis told Infosecurity via e-mail. "These criminal organizations have much at stake in terms of revenues, and therefore will not go down without a fight."
News Thu, 18 Feb 10 21:43:55 -0800 http://www.spambully.com/news/blog/story/914/Spam_shortened_URLs_and_software_vulnerabilities_highlight_latest_security_threat_report/

Olympic Skier's ‘Spam King’ Reputation Tarnishes Silver
http://www.spambully.com/news/blog/story/913/Olympic_Skier’s_‘Spam_King’_Reputation_Tarnishes_Silver/
Winning a silver medal on the moguls hasn't allowed Australian skier Dale Begg-Smith to forget his past as a spam mogul. If there's one thing fans hate more than athletes training dogs to fight to the death, cheating on their wives or murdering them, apparently it's filling their screens with pop-up advertisements. That's about the only thing that can explain the reception of Australian silver medalist Dale Begg-Smith, whose questionable past as a purveyor of Internet spam has continued to ruffle feathers following his medal-winning performance on Sunday night. The Canadian expatriate's woes date back roughly a decade, to when he started a company called AdsCPM with his brother. Allegedly, the company used malicious adware and pop-under advertising to deliver up to 100,000 downloads and 20 million pops a day, numbers that come from its Web site as archived in 2005. In other words, Begg-Smith's company was the bane of the Internet. His past first came to light at the 2006 Winter Olympics in Turin, where he actually collected gold. This time around, the scrutiny has been doubly intense, since Begg-Smith, a native of Vancouver who left Canada to train and live in Australia, lost to a Canadian. Begg-Smith's stony reaction during his medal ceremony earned him even more scrutiny on top of the spam claims. Australian newspapers branded him a "sourpuss" and "Mr. Miserable," while Canadians refer to him as a "traitor." The lesson here: The Internet does not forget.
News Thu, 18 Feb 10 06:02:30 -0800 http://www.spambully.com/news/blog/story/913/Olympic_Skier’s_‘Spam_King’_Reputation_Tarnishes_Silver/

Spam tops 400 billion a day
http://www.spambully.com/news/blog/story/912/Spam_tops_400_billion_a_day/
Spam is no joke, according to security experts at the Messaging Anti-Abuse Working Group (MAAWG) conference this week in San Francisco. The annual San Francisco meeting of Internet security experts reviewed once again the serious problems facing companies and their computers on a daily basis. Ninety percent of the world's email is spam, causing enormous headaches and serious trouble for companies large and small. In the last week of January, anti-spam experts from Cisco say, the amount of spam topped 400 billion messages a day. It's no surprise that your systems are clogged, and you are working overtime to keep your computers clear of menacing emails. Cybercriminals are getting smarter and more sophisticated, according to experts at the conference. Spam is a global problem, according to these experts. Spam originating from the United States and Brazil, which had been the leading countries producing it, dropped off. And spam from other countries, including Germany, the Netherlands, Vietnam and India, has been growing.
News Thu, 18 Feb 10 06:00:11 -0800 http://www.spambully.com/news/blog/story/912/Spam_tops_400_billion_a_day/

Undead botnets blamed for big rise in email malware
http://www.spambully.com/news/blog/story/911/Undead_botnets_blamed_for_big_rise_in_email_malware/
Malicious spam volumes increased dramatically in the back half of 2009, reaching three billion messages per day, compared to 600 million messages per day in the first half of 2009.
But this is still a tiny fraction of the estimated global spam volume, thought to be about 200 billion messages per day. A new report by net security firm M86 Security points the finger of blame for the torrent of malware, phishing and other scams (collectively defined as malicious spam), and junk mail more generally, towards botnet networks of compromised machines. It reckons five botnets were responsible for 78 per cent of the malicious spam it fought in the second half of 2009. M86 reports that the major spam botnets such as Rustock, Pushdo (or Cutwail) and Mega-D continue to dominate spam output, supported by second-tier botnets such as Grum and Lethic. Rustock alone pushed out 34 per cent of spam in 2H09. Pushdo zombie drones puked out one in five spam messages (20 per cent), with Mega-D zombies accounting for 9 per cent of the global junk mail nuisance. Just like Mega-D before it, the Lethic botnet has returned from the grave since it was decapitated by the combined efforts of security firms and ISPs in early January, a sign that criminal hackers are building more resilient systems with better disaster recovery features.
News Wed, 17 Feb 10 04:45:47 -0800 http://www.spambully.com/news/blog/story/911/Undead_botnets_blamed_for_big_rise_in_email_malware/

Malware and social network attacks surge in '09
http://www.spambully.com/news/blog/story/910/Malware_and_social_network_attacks_surge_in_09/
Malware-carrying spam and attacks via Twitter and Facebook grew dramatically in the second half of 2009, says a report (PDF) released Tuesday by security company M86 Security. The volume of spam shot up last year to more than 200 billion messages each day, or 80 percent to 90 percent of all inbound e-mail sent to organizations, said M86.
Spam carrying malware also surged in the second half of the year, hitting 3 billion each day compared with 600 million per day in the first half of 2009. The vast majority of spam is now sent through botnets hiding on infected computers--the second half of 2009 alone saw 78 percent of all spam triggered by the top five botnets, such as Rustock and Pushdo. As most spam is triggered by just a few select botnets, a takedown of those specific threats could have a huge impact on malware, notes M86. But since most cybercriminals are part of organized gangs, they've proved to be adept at bouncing back from attempts to take them down. Spam messages that carry malware payloads have become more sophisticated over the past year. One example pointed out by M86 is the Virut virus, which can install virtually any type of malware on a PC by infecting executable files with .exe and .scr (screensaver) extensions.
News Wed, 17 Feb 10 04:24:52 -0800 http://www.spambully.com/news/blog/story/910/Malware_and_social_network_attacks_surge_in_09/

Google Buzz Gets Privacy Patch
http://www.spambully.com/news/blog/story/909/Google_Buzz_Gets_Privacy_Patch/
Google on Thursday declared Buzz a success while simultaneously announcing several changes to enhance the privacy of Buzz users amid a growing chorus of complaints. Tens of millions of people have experimented with Buzz, the company said, resulting in over 9 million posts and comments. It also said that it was seeing 200 Buzz posts per minute coming in from mobile phones. That's a drop in the bucket compared to the 135.5 billion spam messages per day that McAfee reported as an average in 2009, but Buzz is just getting started.
Whether Buzz has a future may depend on how it addresses user privacy concerns, which have already led some users to disable the service. Buzz is Google's second attempt to reinvent e-mail, its first being Google Wave, the promising but unreleased marriage of e-mail, instant messaging and collaboration. Gmail users who enable Buzz can share photos, videos and status updates with a ready-made social network, their Gmail contacts. The trouble is that Buzz's proclivity to share often defies user expectations by making information like e-mail addresses, contact names, and social connections publicly accessible.
News Sun, 14 Feb 10 22:03:28 -0800 http://www.spambully.com/news/blog/story/909/Google_Buzz_Gets_Privacy_Patch/

Warnings issued for Valentine's spam and malware
http://www.spambully.com/news/blog/story/908/Warnings_issued_for_Valentine’s_spam_and_malware/
As is often the case around major holidays, especially those where giving gifts seems compulsory, most major security vendors are warning about scam emails focused on Valentine's Day. Many of the major security software suppliers, including Panda, Sophos and McAfee, have issued warnings for the onslaught of spam and malware for the Valentine's Day holiday. Vendors have identified both email spam and search engine results centered on the Valentine's theme that link to compromised sites containing malware. As we have seen with major breaking news stories, search engine queries are frequently producing links to malware-infected sites. McAfee Labs warns that some of the most popular search targets include ecards and screensavers with Valentine's themes. A recent blog post by the company demonstrates that searching the terms "Valentine's Day Screensavers" resulted in compromised sites for three of the top 10 results, including the top two spots. It's a predictable problem that shows up almost each and every holiday, and with good reason.
If you perhaps lacked a bit of savvy and replied to a spam email in the past, the prospect of receiving even more junk poses an even greater threat going forward. "There are a number of problems that arise from purchasing products from spam, the major one being that you have confirmed that your email address is live and you respond to spam," noted Sophos in its security blog. "This means that you will end up getting more and more spam."
News Thu, 11 Feb 10 22:13:20 -0800 http://www.spambully.com/news/blog/story/908/Warnings_issued_for_Valentine’s_spam_and_malware/

Valentine's Day brings out the cyber crooks
http://www.spambully.com/news/blog/story/907/Valentines_Day_brings_out_the_cyber_crooks/
Security experts have issued warnings of fresh web-based attacks as Valentine's Day approaches. Attackers are using search engine optimisation techniques to achieve high rankings on results pages for common Valentine's Day searches. The attack sites promise items such as screen savers, wallpapers and e-cards, but in fact contain malware designed to infect unsuspecting users. "It's like clockwork. Valentine's Day approaches and malware authors and cyber criminals are ready for it," said McAfee Avert Labs director Dave Marcus in a blog post. Internet users are advised to avoid suspicious links and unsolicited messages, keep systems updated and use well-maintained security software to minimise the risk of infection.
News Thu, 11 Feb 10 22:12:18 -0800 http://www.spambully.com/news/blog/story/907/Valentines_Day_brings_out_the_cyber_crooks/

Spam warning for Google Buzz users
http://www.spambully.com/news/blog/story/906/Spam_warning_for_Google_Buzz_users/
Security experts are warning that Google's new Buzz social networking platform is already being exploited by spammers. Websense said in a security alert that the spammer in question is following over 200 people on Buzz, sending them messages which link to a site hosted on a free web hosting service talking about how to quit smoking. "When Twitter was launched, it took a while before it was used to send spam and other malicious messages. In this case, it only took two days," said Websense. It's clear that the bad guys have learned from their experience using social networks to distribute these types of messages. We hope that Google is geared up for dealing with the volume of spam it's bound to see on the new service. Until then, we advise users to be careful, as usual, when clicking on unknown links.
News Thu, 11 Feb 10 22:10:20 -0800 http://www.spambully.com/news/blog/story/906/Spam_warning_for_Google_Buzz_users/

Romantics targeted with Valentine's Day spam
http://www.spambully.com/news/blog/story/905/Romantics_targeted_with_Valentine’s_Day_spam/
Virus protection company PandaLabs is warning internet users that cyber criminals will use Valentine's Day-themed content to spread malware. The warning comes from PandaLabs, which has noticed an increase in Valentine's Day spam emails containing malicious content and links. Offenders are coupling traditional methods of sending malware with new techniques, such as using social networking sites including Facebook and Twitter as a vehicle to spread spam. Cyber criminals are using social engineering to convince users to disclose personal information. These social engineering scams are often well disguised and seem legitimate to the untrained eye.
Technical director of PandaLabs, Luis Corrons, believes that the methods are effective: "The continued use of social engineering by cyber-crooks is a good indication of the infection ratios that this technique for tricking users returns. Otherwise, they would simply have stopped using it." In order to decrease spam threats, PandaLabs advises users to avoid opening emails from unknown senders and stay clear of shared computers when making online transactions.
News Thu, 11 Feb 10 03:15:09 -0800 http://www.spambully.com/news/blog/story/905/Romantics_targeted_with_Valentine’s_Day_spam/

Mozilla jumped the gun, add-on malware turns out to be false-positive
http://www.spambully.com/news/blog/story/904/Mozilla_jumped_the_gun_add-on_malware_turns_out_to_be_false-positive/
Late last week Mozilla reported that it had discovered two malware-laden add-ons for the Firefox browser being offered on the official download site. It now turns out that one of the add-ons labeled as toxic was in fact clean. The add-on in question was Sothink Video Downloader 4.0. This add-on was incorrectly labeled as malware because one of the scanners that Mozilla had used to check all the add-ons available for download threw up a false-positive. According to a Sothink spokesperson, the error arose because of the tool used to encrypt the download (a tool called Armadillo), which has been behind other false-positive reports because it is sometimes used by malware writers to encrypt toxic code. Note: For those out there interested in such things, here's a Virustotal scan of the Sothink Video Downloader 4.0. The Master Filer add-on did still contain malware, and is believed to have infected fewer than 700 systems.
News Tue, 09 Feb 10 22:21:21 -0800 http://www.spambully.com/news/blog/story/904/Mozilla_jumped_the_gun_add-on_malware_turns_out_to_be_false-positive/

McAfee: Spammers exploiting more news stories
http://www.spambully.com/news/blog/story/903/McAfee:_Spammers_exploiting_more_news_stories/
"Bomb Blast."
"Jackson is still alive: proof." "Obama cursed by Pope." These are just a few of the subjects used by cybercriminals last year to trick people into opening malware-infected e-mails. Spam that uses the latest news headlines was just one of the hot trends last year in the world of cybercrime, according to McAfee's Q4 Threats Report (PDF), released Tuesday. The latest threat assessment also noted a rise in hacktivism, or politically motivated cyberattacks. Though spam levels in the fourth quarter actually dropped by 24 percent from the third quarter, the daily volume of junk mail around the world still averaged 135.5 billion per day. To reach that level, spammers relied heavily on news stories, especially tragedies. The crash of an Air France plane and the death of Michael Jackson in June continued to be top themes for spammers to exploit throughout 2009, notes McAfee. The swine flu also triggered a slew of e-mails claiming to be from the Centers for Disease Control but which actually carried viruses in the form of Zeus Trojans. The surge in unemployment led to a rise in spam touting get-rich-quick schemes.
And as always, terrorism and unrest aroun
News Tue, 09 Feb 10 22:19:33 -0800 http://www.spambully.com/news/blog/story/903/McAfee:_Spammers_exploiting_more_news_stories/

Political hacktivism surged in 2009, says report
http://www.spambully.com/news/blog/story/902/Political_hacktivism_surged_in_2009_says_report/
Last year, the web saw a surge in political hacktivism - politically-motivated attacks on the internet - reports security software developer McAfee. According to the security vendor's 2009 Q4 Threats Report, the US is no longer the sole target of political hacktivism, nor is China the sole origin for these types of attacks. McAfee pointed to recent political attacks targeting the Polish government, the Copenhagen Climate Conference and Latvia's Independence Day, and even the UK, the company said, highlighting an attack on the University of East Anglia's web servers, which were allegedly hacked by Russian freelance hackers hired by climate change sceptics. The report also revealed 135.5 billion spam messages were sent every day in Q4 of 2009, although the number of spam messages received was down 24 percent on Q3. McAfee also said the UK was home to 3.2 percent of newly created zombie computers globally, making it ninth in the list of the biggest zombie-producing countries. China came in top, and was also responsible for 54.4 percent of all SQL injection attacks. The security vendor said spammers spent 2009 capitalising on events that hit the headlines, from Michael Jackson's death to the Air France plane crash. The security vendor also said 2009 saw an increase in fake antivirus software that convinces web users their PC is infected and encourages them to pay for fake security software, along with attacks on social networks such as Facebook and attacks centred on web 2.0 services.
News Mon, 08 Feb 10 21:10:50 -0800 http://www.spambully.com/news/blog/story/902/Political_hacktivism_surged_in_2009_says_report/

Business hackers turn to social media
http://www.spambully.com/news/blog/story/901/Business_hackers_turn_to_social_media/
Social media is increasingly becoming fertile ground for hackers to attack companies with spam and malware, according to a report released Monday by a security company. A survey by Sophos of nearly 500 companies worldwide showed the number of companies that reported attacks through social media increased by 70 percent, compared with the year before. Information technology professionals became more concerned that employees' everyday actions on social-networking sites are exposing companies to attacks. Sixty percent of interviewees said they were most concerned about security vulnerabilities in Facebook. Criminals banked on the inherent trust people have with their contacts, said Sophos senior security adviser Chet Wisniewski. "Social media provides criminals with an opportunity. When I get a message on Facebook from my wife and I see a link, I'm going to click it," Wisniewski said. Online lures known as phishing schemes and malware attacks, programs that aim to steal private information or control a victim's computers, expanded their presence in social media sites by around 10 percent in the past eight months. Sophos identified 50,000 variants of existing viruses in 2009, almost twice as many as the previous year. Reports of spam, an epidemic that e-mail providers have been considerably effective in staving off through filters, rose 23.6 percent in the same period.
News Mon, 08 Feb 10 11:44:28 -0800 http://www.spambully.com/news/blog/story/901/Business_hackers_turn_to_social_media/

BlackBerry has spyware risk too, researcher says
http://www.spambully.com/news/blog/story/900/BlackBerry_has_spyware_risk_too_researcher_says/
We've heard a lot about security issues with the iPhone, but the BlackBerry isn't immune to threats from malicious apps. Tyler Shields, a senior researcher at the Veracode Research Lab, has written a piece of spyware that allowed me to shoot an SMS command to his phone and have his contact list forwarded to my e-mail address in a demonstration. With another short text command, I was able to get his BlackBerry to e-mail me any SMS messages he sends. And if I had wanted--and he had allowed me--I could have seen a log of all his calls, monitored his inbound text messages, tracked his location in real-time based on the GPS (Global Positioning System) in his device and turned his microphone on to listen to conversations in the room and record them. "It's trivial to write this type of code using the mobile provider's own API (application programming interface) they provide to any developer," Shields said in an interview in advance of his talk on the spyware scheduled for the ShmooCon security show on Sunday. He calls his program TXSBBSpy and is releasing the source code but not an executable version of it. "My goal is to show how easy it is to create mobile spyware," he said.
News Mon, 08 Feb 10 11:42:23 -0800 http://www.spambully.com/news/blog/story/900/BlackBerry_has_spyware_risk_too_researcher_says/

Blackberry spyware source code released
http://www.spambully.com/news/blog/story/899/Blackberry_spyware_source_code_released/
Veracode today released Blackberry-specific spyware, which the code-review specialist intends as a call for defensive research to show that the BlackBerry is vulnerable to spyware problems. "The Blackberry sandbox keeps you from getting into the operating system level."
"It's effective for that," says Tyler Shields, senior researcher at Veracode Research Lab and author of the Blackberry spyware. "BlackBerry is one of the better operating systems in regards to security," he says, "but in the sandbox you can steal data." Shields says the point in releasing the spyware source code, which he calls TXSBBspy, is to show how easy it is to write this code. He calls the source code a blueprint for malware on the BlackBerry, showing how it's possible to remotely dump all the contents, send the contents via e-mail, and conduct real-time monitoring of phone messages. Shields says his purpose is to inspire a call to action to encourage development of BlackBerry applications to make it clear what these apps do before releasing them.
News Mon, 08 Feb 10 11:14:42 -0800 http://www.spambully.com/news/blog/story/899/Blackberry_spyware_source_code_released/

All that user-generated content? 95% is malware, spam
http://www.spambully.com/news/blog/story/898/All_that_user-generated_content?_95%_is_malware_spam/
The latest research from Websense Security Labs paints a dreary but familiar picture of the state of online security threats. Echoing the bad news of other such recent reports, it seems the vast majority of the Web consists of malware and spam. Worse yet, even legitimate, well-known sites are being used to pump malware, SEO poisoning, or phishing attacks. Websense uses a global network of systems to scan and analyze over 40 billion websites every hour, tracking malware and other unwanted content. The results for the latter half of 2009 show a 225 percent increase in malicious websites. Worse, 71 percent of websites found to contain some malicious code were in fact legitimate websites that had been compromised in some way. One way that hackers are infiltrating the Web is by SEO poisoning, or using SEO techniques to pump up the ranking of malicious websites in search results to make them appear legitimate.
On average, 14 percent of top search results for a given hot topic on Google led to a malicious website. This method has proven fairly successful, since it can easily adapt to changing search trends and get around detection. Malicious websites looking to cash in on Google Wave invites can use botnets to artificially inflate search rankings. As soon as the sites are discovered and filtered from search results, botnets can be instructed to move on to the next hot topic, such as MTV VMA awards or Brittany Murphy death. Still, hackers and spammers are increasingly going after legitimate websites, which already appear in top search results and often are considered safe or trusted by security filters. The top 100 most-visited websites represent the vast majority of Web traffic, and consist mainly of social networking and search sites. Malware is injected via user-generated content, such as news items, posted links, and comments.
News Mon, 08 Feb 10 11:12:48 -0800 http://www.spambully.com/news/blog/story/898/All_that_user-generated_content?_95%_is_malware_spam/

Research shows China was the internet's largest malware source in January
http://www.spambully.com/news/blog/story/897/Research_shows_China_was_the_internet’s_largest_malware_source_in_January/
A report from security vendor Kaspersky Lab shows that malware originating from China topped its monthly report of digital pollution providers, broken down by country of origin, for January 2010. At 36.2% of all malware infections on the internet, China was by far the largest contributor of internet malware in January 2010, according to the Kaspersky report.
Second on the list was Russia, at 5.8%, followed by 4.4% from the US. The January 2010 report from Kaspersky broke down as follows:
China 36.2%
Russia 5.8%
US 4.4%
India 3.9%
Germany 3.9%
Egypt 3.2%
Mexico 2.9%
UK 2.4%
France 2.3%
Turkey 2.2%
Other 32.8%
David Emm, a member of the research and analysis team at Kaspersky, notes that these results seem to confound some commonly held beliefs about the origins of most malware. "The results may be surprising for some, as traditionally there has been an assumption that a lot of malware and digital pollution came from Russia and Eastern European countries," said Emm. While Russia did come in second on the list for malware pollution for the previous month, Infosecurity notes that, at least according to Kaspersky's data, China was responsible for 500% more malware infections when compared with Russia. According to Emm, another widely held assumption regarding malware is debunked by these figures, at least in January 2010: "Another myth it dispels is that digital pollution only emanates from poorer economies - eminent world economic giants such as the USA and China, as well as the leading EU members Germany, UK and France, are all featured in the list."
News Mon, 08 Feb 10 03:43:33 -0800 http://www.spambully.com/news/blog/story/897/Research_shows_China_was_the_internet’s_largest_malware_source_in_January/

web
http://www.spambully.com/news/blog/story/896/web/
Loyalty programs: Study reveals top complaints - spam tops list
What are your biggest complaints about your hotel chain's loyalty program? Is it the amount of spam you receive - or rewards that don't really cut it for you? A study recently commissioned by the Chief Marketing Officer Council gives us a glimpse into how loyalty program members overall (hotels and other categories, including airlines) would answer that question, and I thought it would be interesting to check in with you.
Released last month, the study was based on surveys with more than 700 customers who belong to a variety of loyalty programs. The top three complaints:
Too much spam and junk email 44%
Too many conditions and restrictions 38%
Rewards that lack real value 37%
The study comes at a time when the hotel giants are focusing more than ever on their loyalty customers. After all, business is down - and hotel chains are targeting their most loyal customers because they tend to travel more. Remember InterContinental Hotel Group statistics? IHG openly said last fall that its average loyalty club member is twice as profitable as a non-member, and an elite-level member is 12 times as profitable as an average member. According to the CMO report, loyalty programs of all kinds have an estimated 1.8 billion members, with hotel programs accounting for some 162 million members. That makes hotel loyalty programs (Marriott Rewards, InterContinental's Priority Club Rewards, Hilton HHonors, Starwood's Starwood Preferred Guest, Choice Privileges, etc.) the fourth-biggest category after financial services, airline and specialty retail, according to the report. The average U.S. household is enrolled in 14.1 loyalty and rewards programs, but is only active in 6.2 programs.
News Mon, 08 Feb 10 03:41:41 -0800 http://www.spambully.com/news/blog/story/896/web/

Facebook, social networks, increasing source of spam, cyber attacks
http://www.spambully.com/news/blog/story/895/Facebook_social_networks_increasing_source_of_spam_cyber_attacks/
When it comes to online social networks, companies may have more to worry about than just the distraction factor in the workplace. Those Web sites are also becoming a bigger source of cyber attacks and spam, according to a recent survey by Sophos, a computer security company. Sophos said that reports by companies of spam and malware derived from social networks such as Facebook, MySpace and Twitter were up 70 percent from a year earlier.
And of the 500 companies surveyed, 60 percent said Facebook -- by far the largest social network internationally -- posed the biggest security risk.

"2009 saw Facebook, Twitter and other social networking sites solidify their position at the heart of many users' daily internet activities, and saw these websites become a primary target for hackers," according to the report. "Because of this, social networks have become one of the most significant vectors for data loss and identity theft."

The company said attackers are hitting social networks in part because of valuable personal data contained on those sites. Twitter and Facebook were hit by denial of service attacks traced to a hacker in the nation of Georgia that shut off hundreds of millions of users for several hours.

Sophos noted that Facebook's new privacy policy in many cases exposed personal data to broader Internet audiences.

Facebook says it has recently partnered with McAfee to give users a free six-month subscription to McAfee's security software. Users can use the software for applications beyond Facebook, according to Facebook spokesman Andrew Noyes.

"We've built in numerous defenses to combat phishing and malware, including complex automated systems that work behind the scenes to detect and flag Facebook accounts that are likely to be compromised," Noyes said.

As for those privacy policy changes addressed in the Sophos report, Noyes said the new policy also "gave our users unprecedented ability to decide who sees content they post on Facebook at the time they post it."
News Sun, 07 Feb 10 00:26:01 -0800 http://www.spambully.com/news/blog/story/895/Facebook_social_networks_increasing_source_of_spam_cyber_attacks/

Fake Firefox Update Spreads Spyware http://www.spambully.com/news/blog/story/894/Fake_Firefox_Update_Spreads_Spyware/

The successor program to the notorious Zango spyware toolbar is being used to target users of Mozilla's Firefox with fake browser updates, a security company has alleged.

According to a warning put out by eSoft, the reprised Hotbar app, run as of May last year by a new entity called Pinball Corp, is being fed to users via a fake but convincing Firefox update page. The update page - which users would come to through a search engine for the latest updates - looks identical to the genuine page in everything bar the version it is claiming to offer (3.5 where the most recent is 3.6) and some misspelling.

Windows users fooled into downloading and installing from the fake page will actually be getting a toolbar app that also hits the user with pop-up ads and a weather application in the system tray.

According to eSoft, the software is actually being fed without the direct knowledge of its creators, Pinball, which will likely be paying a third party affiliate for every install. As with the distribution of the original Zango Toolbar, how that install gets on to a user's PC is not their business.

Zango disappeared last April after several years in which it was accused of sneaking spyware on to users' PCs without their consent, invariably by paying third parties to do the dirty work. In 2006, it was fined $3 million by the US Federal Trade Commission (FTC) for its actions.
News Sat, 06 Feb 10 10:18:21 -0800 http://www.spambully.com/news/blog/story/894/Fake_Firefox_Update_Spreads_Spyware/

Mozilla Removes Two Malicious Firefox Add-Ons http://www.spambully.com/news/blog/story/893/Mozilla_Removes_Two_Malicious_Firefox_Add-Ons/

Mozilla on Friday said that it had removed two Firefox add-ons from its Web site because they installed malware.

"Two add-ons in the experimental section of addons.mozilla.org were found to be containing malware," Mozilla said on its security blog. "These were not originally detected with the anti-malware scanning tools that we have been using. We have since increased the number of scanning tools, and will be taking additional steps to minimize the risk of further incidents."

AMO, Mozilla's add-on management group, posted a notice about the malicious add-ons on Thursday.

The malicious add-ons have been identified as version 4.0 of Sothink Web Video Downloader and all versions of Master Filer. According to AMO's blog post, Sothink Web Video Downloader 4.0 included malware known as Win32.LdPinch.gen, while Master Filer included malware known as Win32.Bifrose.32.Bifrose Trojan.

Launching Firefox with either of these add-ons installed on a Windows computer is likely to lead to an infection. Removing the add-on does not remove the trojan software, however. Antivirus software that recognizes the malware is necessary for removal. According to Mozilla, the following antivirus apps will work: Antiy-AVL, Avast, AVG, GData, Ikarus, K7AntiVirus, McAfee, Norman, and VBA32.

Last May, security researcher Duarte Silva created a proof-of-concept malicious add-on, or maladon, to highlight problems in Firefox's add-on security model.

Mozilla has made some security improvements since then, such as locking down Firefox's components directory. But the discovery of infected add-ons on Mozilla's AMO site suggests that additional action is necessary.
News Sat, 06 Feb 10 10:16:12 -0800 http://www.spambully.com/news/blog/story/893/Mozilla_Removes_Two_Malicious_Firefox_Add-Ons/

Internet HoneyGrid reveals 95% of User Generated Content is spam or malicious http://www.spambully.com/news/blog/story/892/Internet_HoneyGrid_reveals_95%_of_User_Generated_Content_is_spam_or_malicious/

Websense Security Labs has published its bi-annual State of Internet Security report and, as usual, it makes for pretty interesting if somewhat scary reading.

Covering the last six months of 2009, the report is based upon the findings of the ThreatSeeker Network which is used to discover, classify and monitor global Internet threats and trends courtesy of something called the Internet HoneyGrid. This comprises honeyclients and honeypots, reputation systems and advanced grid computing systems, all of which combine to parse through one billion pieces of content every day while searching for security threats. Every single hour the Internet HoneyGrid scans some 40 million websites for malicious code as well as 10 million emails for unwanted content and malicious code.

So what did the HoneyGrid have to report about the Internet security threatscape for Q3/Q4 2009?

Here are the key findings:

13.7% of searches for trending news/buzz words as defined by Yahoo Buzz and Google Trends led to malware.
The second half of 2009 revealed a 3.3% decline in the growth of malicious Web sites compared to the first half of the year. Websense Security Labs believes this is due to the increased focus on Web 2.0 properties with higher traffic and multiple pages. However, comparing the second half of 2009 with the same period in 2008, Websense Security Labs saw an average of 225% growth in malicious Web sites.
71% of Web sites with malicious code are legitimate sites that have been compromised.
95% of user-generated posts on Web sites are spam or malicious.
Consistent with previous years, 51% of malware still connects to host Web sites registered in the United States.
China remains the second most popular malware hosting country with 17%, but during the last six months Spain jumped into third place with 15.7% despite never having been in the top 5 countries before.
81% of emails during the second half of the year contained a malicious link.
Websense Security Labs identified that 85.8% of all emails were spam.
Statistics for the second half of 2009 show spam emails broke down as 72% HTML, 11.2% image, 14.4% plain text with URL and 2.4% plain text with no URL.
35% of malicious Web-based attacks included data-stealing code.
58% of all data-stealing attacks are conducted over the Web.

News Sat, 06 Feb 10 10:14:15 -0800 http://www.spambully.com/news/blog/story/892/Internet_HoneyGrid_reveals_95%_of_User_Generated_Content_is_spam_or_malicious/

Apple Warns Developers Against Adding Geo Spam To Their Apps http://www.spambully.com/news/blog/story/891/Apple_Warns_Developers_Against_Adding_Geo_Spam_To_Their_Apps/

A couple days ago, Apple put iPhone developers on notice that location-aware ads will no longer be allowed in all apps. Some observers read this as a blanket prohibition, and noted that it looks like Apple might be reserving geo ads for itself through its acquisition of Quattro Wireless.

But the notice itself only seems to ban location-based advertising from non-location-based apps.

Here's what the notice on Apple's Dev Center says:

"If you build your application with features based on a user's location, make sure these features provide beneficial information. If your app uses location-based information primarily to enable mobile advertisers to deliver targeted ads based on a user's location, your app will be returned to you by the App Store Review Team for modification before it can be posted to the App Store."

We'll see how liberally Apple chooses to apply this new guideline, but the language does not ban all geo ads. It only bans geo spam.
If an app does not have a geo component as one of its core features, it can't serve up irrelevant geo-targeted ads. This seems like a policy aimed to avoid random geo-targeted ads from popping up in games or other apps that try to enable the core location feature for ads and nothing else.

Geo-based ads are very promising, and could open up local advertising to the Web in an entirely new way. But Apple needs to set the rules of the road early to make sure that consumers are not inundated with ads that are nothing more than spam and out of context to what they are doing. If you are an iPhone developer whose app was sent back for this reason, please share your experience in comments.

News Sat, 06 Feb 10 10:12:25 -0800 http://www.spambully.com/news/blog/story/891/Apple_Warns_Developers_Against_Adding_Geo_Spam_To_Their_Apps/

Firefox add-on contained toxic Trojan code http://www.spambully.com/news/blog/story/890/Firefox_add-on_contained_toxic_Trojan_code/

Mozilla has issued users with a warning that two add-ons available from the official Add-ons website (addons.mozilla.org) contained code that infected Windows PCs.

Two add-ons are affected:

Master Filer - Infected with a password-stealing Trojan called Win32.LdPinch.gen
Sothink Web Video Downloader - Infected with a backdoor Trojan called Win32.Bifrose.32.Bifrose

Here's what Mozilla has to say:

"If a user installs one of these infected add-ons, the trojan would be executed when Firefox starts and the host computer would be infected by the trojan. Uninstalling these add-ons does not remove the trojan from a user's system. Users with either of these add-ons should uninstall them immediately. Since uninstalling these extensions does not remove the trojan from a user's system, an antivirus program should be used to scan and remove any infections."

It is believed that some 4,600 users have been infected.

Mozilla does scan all uploaded add-ons for malware, and blocks any that are infected. However, in this case the process failed.
Now Mozilla has added two new malware detection tools to the scan chain to offer additional protection. It was at this stage that the malware hidden in the Sothink Web Video Downloader was discovered.

Bottom line, it's unwise to rely solely on scanning done by a third party.

News Fri, 05 Feb 10 10:33:16 -0800 http://www.spambully.com/news/blog/story/890/Firefox_add-on_contained_toxic_Trojan_code/

Malicious Firefox Add-ons Installed Trojans http://www.spambully.com/news/blog/story/889/Malicious_Firefox_Add-ons_Installed_Trojans/

Mozilla last night announced that two experimental Firefox add-ons, Master Filer and the Sothink Web Video Downloader version 4, infected victim PCs with Trojans when either add-on was installed.

The small-distribution extensions were previously available via Mozilla's add-on site, but have since been removed. According to Mozilla's post, the Master Filer add-on had been downloaded about 600 times and installed the Bifrose Trojan. The Sothink Web Video Downloader version 4 slipped in the LdPinch Trojan, and had been downloaded about 4,000 times.

According to the open-source organization, the malicious add-ons managed to sneak by the one malware scanner (unnamed in the post) used by Mozilla. The organization says it will now be scanning with two additional detection tools (also unnamed).

If you happen to have installed either of these malicious add-ons, note that removing the add-on will not remove any installed Trojan. You'll need to run a separate antivirus scan and disinfection to clean your system. Mozilla's post includes a list of antivirus software currently known to detect the particular Trojans involved.

This unfortunate incident makes clear why relying solely on one antivirus scanner is never a good idea, as no one program detects everything.
Since this has happened at least once before with an infected Vietnamese language pack, I'm curious why Mozilla doesn't simply switch to uploading all add-on submissions to the free Virustotal.com, which uses about 40 different engines to scan each submission. I've also asked Mozilla which scanner it had been using. If I get that information I'll add it to this post.

News Fri, 05 Feb 10 10:31:53 -0800 http://www.spambully.com/news/blog/story/889/Malicious_Firefox_Add-ons_Installed_Trojans/

Cyberthieves are hiring, using online ads http://www.spambully.com/news/blog/story/888/Cyberthieves_are_hiring_using_online_ads/

Two companies that are hiring -- at least on a contractor basis -- advertise online, said Kevin Stevens, a threat intelligence analyst for SecureWorks, who presented findings on the organizations at the Black Hat cybersecurity conference outside Washington on Monday.

What they are seeking is people who are willing to take malicious code they provide and link it to something that people will click on -- like a picture of Britney Spears getting out of her car. These people then collect a fee for each 1,000 times that the malware is downloaded.

One site, for example, pays 180 for each 1,000 times that malware is downloaded onto a U.S. computer but less for computers elsewhere. It refuses to pay for any downloads to Russian computers, causing Stevens and others to strongly suspect that it, like other similar sites, is based in Russia.

"We pay your wages via the following systems: Fethard, WebMoney, Wire, e-gold, Western Union (WU), MoneyGram, Anelik and ePassporte, and PayPal," the site said.

Stevens said it was impossible to know how many computers were infected via these companies but put the number in the millions.

Security professionals in the audience for Stevens' presentation laughed at times, most likely at how blatant the web sites were.

News Thu, 04 Feb 10 21:59:16 -0800 http://www.spambully.com/news/blog/story/888/Cyberthieves_are_hiring_using_online_ads/