http://www.spambully.com/news/ SpamBully News en-us Copyright 2009 Axaware Mon, 05 Jan 09 05:46:58 -0800 Mon, 05 Jan 09 05:46:58 -0800 http://blogs.law.harvard.edu/tech/rss SpamBully custom feed 300 webmaster@spambully.com (SpamBully Webmaster) webmaster@spambully.com (SpamBully Webmaster) http://www.spambully.com/news/blog/story/181/Twitter_users_hit_by_spam_messages/ Users of Twitter have reported that they are receiving spam messages from their followers.In the messages, users are being directed to a funny blog, a website with their picture on it or to a page where they can win an iPhone. According to Sophos, if users click-through they will get to a phishing site that is disguised as the Twitter login page, where spammers will attempt to steal their username and password. Twitter co-founder Biz Stone alerted followers to the danger as his team worked on the problem, and later advised members who may feel weirded out by the incident to change their passwords and exercise caution when they reach web pages which ask them to log in to Twitter. Graham Cluley, senior technology consultant for Sophos, said: It would be bad enough to hand your Twitter username and password over to a criminal, as they could pose as you online and spread malware and spam to your friends and followers. However, as so many internet users foolishly use the same username and password for every website they access, the potential for abuse is even greater. News Sun, 04 Jan 09 21:46:58 -0800 http://www.spambully.com/news/blog/story/181/Twitter_users_hit_by_spam_messages/ http://www.spambully.com/news/blog/story/180/The_Savvy_Networker_10_Must-Dos_for_Online_Networkers/ 01-04 04:00 PST 010409 -- When my 81-year-old dad sent me a LinkedIn invitation, I knew some milestone had been passed.Its an online-networking world, and working people who arent already on the bandwagon need to catch up, fast. Here are 10 tips to help you get your online networking activities going without ruffling any feathers:1. Get a new oneYoull need a ONE an online networking e-mail account just for use in discussion groups and social networking sites. If you dont get an account just for this purpose, you may find your regular home e-mail address or, worse, your work address! beset by spam messages and bacn social networking spam. Get a new address at Yahoo! or another free-e-mail site today, and use it for all of your online networking adventures.2. Find your groupYahoo! Groups is the epicenter of group online discussion, with 10 million groups covering every topic from search engine optimization to moms working from home. Search for a group that suits your taste and then join it, taking care to read the groups membership guidelines before you plunge into the conversation. News Sat, 03 Jan 09 21:37:35 -0800 http://www.spambully.com/news/blog/story/180/The_Savvy_Networker_10_Must-Dos_for_Online_Networkers/ http://www.spambully.com/news/blog/story/179/2009:_The_year_ahead_in_security/ Like most of the technology industry, IT security is unlikely to see a major new trend next year, but rather a continuation of many of the themes and vulnerabilities reported in 2008.It is clear that spam, despite recent triumphs by law enforcers, will continue to grow and become more malicious. Businesses and home users will also have to be on their guard against increasingly stealthy and sophisticated malware designed to steal their details.And web vulnerabilities will be the most highly exploited as criminals go for the path of least resistance, so web site owners will need to be on guard as hacks of legitimate sites increase.The continuing financial crisis is also likely to affect the security landscape in increasingly dangerous ways. News Fri, 02 Jan 09 10:53:14 -0800 http://www.spambully.com/news/blog/story/179/2009:_The_year_ahead_in_security/ http://www.spambully.com/news/blog/story/178/Lurking_online_a_Web_rife_with_‘evil_purposes’/ It can be an e-mail from the widow of a recently deceased Nigerian prince asking for your help in disposing of 5 million.It can be a message from your bank stating that it needs some personal information so that it can update your account.Or it can be a seller on eBay whos offering supposedly authentic Tiffany Co. jewelry at unbelievable prices.These are prime examples of the online fraud that seemingly lurks behind every unexpected e-mail and many Web sites and that experts say has grown more prevalent in recent years.Whenever you have a new technology, at some point there are going to be people who are going to employ that technology for evil purposes, said Jeffrey J. McConnell, a Canisius College computer scientist. News Fri, 02 Jan 09 10:50:59 -0800 http://www.spambully.com/news/blog/story/178/Lurking_online_a_Web_rife_with_‘evil_purposes’/ http://www.spambully.com/news/blog/story/177/How_to_secure_your_Vista_PC_in_10_easy_steps/ December 31, 2008 PC World While Windows Vista may be Microsoft Corp.s most secure operating system ever, its far from completely secure. In its fresh-from-the-box configuration, Vista still leaves a chance for your personal data to leak out to the Web through Windows Firewall or for some nefarious bot to tweak your browser settings without your knowledge.But by making a few judicious changes using the security tools within Windows Vista -- and in some cases by adding a few pieces of free software -- you can lock down your operating system like a pro.1. Use Windows Security Center as a starting pointFor a quick overview of your security settings, the Windows Security Center is where youll find the status of your system firewall, auto update, malware protection and other security settings. Click Start, Control Panel, Security Center, or you can simply click the shield icon in the task tray. If you see any red or yellow, you are not fully protected.For example, if you have not yet installed an antivirus product on your machine, or if your current antivirus product is out of date, the malware section of the Security Center should be yellow. Windows does not offer a built-in antivirus utility, so youll want to install your own. For free antivirus, I recommend AVG Anti-Virus 8. News Thu, 01 Jan 09 10:34:00 -0800 http://www.spambully.com/news/blog/story/177/How_to_secure_your_Vista_PC_in_10_easy_steps/ http://www.spambully.com/news/blog/story/176/Spyware_programs_on_work_computers_tell_all/ WEST PALM BEACH, FL WFLX - Recent studies show the average person surfs the net at work for one to two hours for personal reasons and not for work duties. Were talking about personal sites - like keeping in touch with friends on Facebook, shopping on eBay, or watching videos on YouTube.According to the Palm Beach Post, 13 West Palm Beach city employees find themselves out of work Tuesday morning - not for surfing the net, but for what they were looking at.West Palm Beach spokesman Peter Robbins says three people were fired and 10 resigned after their investigation.A lot of companies use Spyware programs. These programs can tell employers everything you do online down to what key you hit and when you hit it.According to the Post, the inappropriate material found on city computers ranged from sexual content to religious slurs, and that was in violation of city policy. News Thu, 01 Jan 09 10:30:49 -0800 http://www.spambully.com/news/blog/story/176/Spyware_programs_on_work_computers_tell_all/ http://www.spambully.com/news/blog/story/175/Top_10_Spam_Stories_of_2008/ Well, its a yearly tradition in the western hemisphere that at the end of the year, we compose a top 10 list of the 10 most . Since it is now 2009, I thought that I would create my own list of the top 10 spam stories of 2008.Now, not all of these will be universally applicable to everyone, they are the top 10 stories as seen by me: 1. Backscatter makes the news. Backscatter spam is a scourge on the internet, and it made big headlines this year, so much so that even the USA Today covered it. Even bigger coverage? I blogged about it in an 18-part series. Take that, USA Today!2. Spammers get huge fines, sentenced to prison. Dubbed the original Spam King, Sanford Wallace finally had a big corporation come after himNewscorp. In May of 2008, he was hit with a 230 million dollar fine for spamming MySpace. He should have held out a few more months and then asked the government for a bailout.On a similar note, Seattle Spammer Robert Soloway was convicted on three charges and faces up to 27 years in prison. I considered going down to the court house and watching the sentencing I never got around to it. Probably a good thing I couldnt engage in a little schadenfreude. News Thu, 01 Jan 09 10:27:37 -0800 http://www.spambully.com/news/blog/story/175/Top_10_Spam_Stories_of_2008/ http://www.spambully.com/news/blog/story/174/Phishing_attacks_get_personal/ You know to watch for phishing attacks, which use e-mail messages purporting to be from legitimate businesses to trick you into divulging private information. Youre cautious and use a good spam filter, but phishing messages still get through. And these messages are more dangerous than ever.According to Cisco, almost 200 billion spam messages are sent daily. They have one thing in common: They want your money.Most computer users can spot phishing messages. Unfortunately, cybercriminals have become more sophisticated, too. Targeted phishing attacks account for 0.4% of spam. That may seem minor, but its 800 million messages a day.For example, you receive a message purportedly from your Internet service provider. It greets you by name and says your billing information is outdated. It says you must click a link to update your information. If you comply, your information will be stolen. This is the type of targeted attack you will see more of in 2009. News Thu, 01 Jan 09 10:23:36 -0800 http://www.spambully.com/news/blog/story/174/Phishing_attacks_get_personal/ http://www.spambully.com/news/blog/story/173/2009_security_predictions:_Deja_vu_all_over_again/ The security industry is fueled largely by FUD Fear Uncertainty and Doubt. So its not unusual for most forecasts in the industry to be full of grim prognostications of imminent chaos and calamities.By that measure, the predictions contained in several recent security forecasts for 2009 will probably be somewhat of a relief for security managers.Most of the security vendors forecasts predict dramatic spikes in volumes of spam, phishing, botnet activity and malware targeted at companies. The reports also highlight sharp increases in attacks directed against Web and mobile applications. But the concerns largely deal with issues that security managers are already familiar with and there are few, if any, really nasty new threats in store around the corner, according to the forecasts.Like with years past, forecasts are colored by the vendors specific view of their places in the market. For example, Verisign, a provider of Internet infrastructure services, predicted increased attacks against critical targets including SCADA Supervisory Control and Data Acquisition systems, which deliver power. Desktop security software vendor Sophos , meanwhile, warned about dramatic increases in malicious e-mail attachments, and huge spikes in spam volume. And Web application security product vendors predicted an increase in Web attacks. News Tue, 30 Dec 08 21:59:45 -0800 http://www.spambully.com/news/blog/story/173/2009_security_predictions:_Deja_vu_all_over_again/ http://www.spambully.com/news/blog/story/172/Mac_users_need_malware_protection/ Oneof the main reasons Windows users switch to the Macintosh is to escape the constant onslaught of malware.Viruses, Trojans and spyware are a constant threat to the Windows ecosystem.Apple touts the Mac as being a haven from malware, and certainly in the past thats been the case. But the past is no guarantee of what will happen in the future. The Macs market share is growing rapidly from 2percent just a few years ago to around 10 percent now and the bad guys are starting to notice. Although relatively few now, there are an increasing number of threats taking aim at Mac users.Add to that the fact that fleeing Windows users are bringing their bad habits with them. As Ive written before, these folks may feel they can now compute with impunity, because theyre on what theyve been told is a safe platform. That attitude is a security disaster waiting to happen.Thats because most of the Mac malware now out there are Trojans programs that masquerade as something else and require users to take action to install them onto Macs. Note that this is the same technique that many PC spyware programs use, and this kind of social engineering is frighteningly effective. Computer users who ignore common sense when surfing are eventually going to get burned, no matter what OS is on their hard drives. News Mon, 29 Dec 08 22:04:02 -0800 http://www.spambully.com/news/blog/story/172/Mac_users_need_malware_protection/ http://www.spambully.com/news/blog/story/171/Bait-and-switch_scams_move_to_Internet/ Despite an ailing economy, revenue for online ads has reached more than 21 billion a year and is the lifeblood for search engines and websites.Some people are wondering who is behind the ads. One consumer group is warning that many of them are scams. Consumers might want to think twice before they click.When you go online you probably run into many paid ads. Some of them can be tempting, offering free phones or discount hotels.If youre on a website, if it looks shady, if it looks too good to be true, it probably is. So, go back. Dont give out information about yourself, says Jarrod Agen from the Alliance Against Bait Click.Agen says a simple search for a favorite brand name could lead you to an unrelated website, one that may be out to get your personal information or even infect your computer with spyware. News Mon, 29 Dec 08 22:02:26 -0800 http://www.spambully.com/news/blog/story/171/Bait-and-switch_scams_move_to_Internet/ http://www.spambully.com/news/blog/story/170/Spam_will_cash_in_on_economic_crisis/ MANILA, Philippines -- Spam levels will increase next year as perpetrators will try to take advantage of the global economic crisis and the popularity of social networking sites, Symantec said in a recent report.Among its security trends to watch out for in 2009, Symantec noted the global economic crisis will be the basis of many new attacks.This would include phishing attacks. Email messages whose premise would involve the closing of a given bank meant to spread false alarm are just a few examples, Symantec said.Similarly, attacks would also exploit other types of fraudulent activities, such as e-mail messages promising easy mortgage or refinancing.Expect to see an increase in scams that prey on people who have had homes foreclosed, an increase in work from home scams targeting the unemployed, and an increase in spam that mimics job sites, Symantec said in its forecast. News Mon, 29 Dec 08 21:59:48 -0800 http://www.spambully.com/news/blog/story/170/Spam_will_cash_in_on_economic_crisis/ http://www.spambully.com/news/blog/story/169/Samsungs_November_alert_prompts_online_retailer_to_warn_Windows_XP_users_of_malware_on_driver_CD/ Amazon.com Inc. last week warned customers running Windows XP that a Samsung digital photo frame it sold until earlier this month might have come with malware on the driver installation CD.An Amazon.com customer posted the warning a week ago to the online retailers user forum. In its note to customers, Amazon.com said that a Samsung advisory had been issued for the SPF-85H, an 8-in. digital photo frame that Amazon sold for approximately 150 starting in October.The Samsung SPF-85H is no longer available on Amazon.com.We have recently learned that Samsung has issued an alert. ... Our records indicate that you have purchased one of the digital photo frames through the Amazon.com website and are therefore affected by this alert, said Amazon in the note.Samsung released its advisory download PDF on Nov. 27 and listed five photo frame models as being affected: SPF-75H, SPF-76H, SPF-85H, SPF-85P and SPF-105P. News Mon, 29 Dec 08 10:25:01 -0800 http://www.spambully.com/news/blog/story/169/Samsungs_November_alert_prompts_online_retailer_to_warn_Windows_XP_users_of_malware_on_driver_CD/ http://www.spambully.com/news/blog/story/168/Tips_to_Bring_Your_PC_Up_to_Speed/ ARA - Your PC isnt very old, but it sure is slow - so slow that you would love to replace it with something new and speedy. But a new computer just isnt in the budget in this tough economy.The good news is that you can make your PC run faster, without upgrading or replacing it. All you need to do is give it a tune up.The hard disk is the slowest part of your computer - as much as thousands of times slower than other types of storage, like memory. And your PCs hard disk slows down over time as files become fragmented. Here are some tune-up tips you can do yourself: Free up disk space. Start easy by emptying out your recycle bin. Then move on to deleting installed programs you dont use. If youre feeling more ambitious, remove Windows temporary files and optional extras that you dont use. The extra disk space will help to improve your computers performance. Repair errors. Hard disks can develop bad sectors which prevent your PC from saving information in organized files on the disk. The information will be pushed somewhere else outside of the bad sector, causing the computer to slow down as it searches for files. Remove spyware. Spyware not only slows your PC down, but also puts your personal identity at risk. Spyware can track the Web sites you visit and collect personal information without your knowledge. There are many free anti-spyware programs available online. News Sun, 28 Dec 08 10:37:01 -0800 http://www.spambully.com/news/blog/story/168/Tips_to_Bring_Your_PC_Up_to_Speed/ http://www.spambully.com/news/blog/story/167/Spammers_prey_on_job_hunters/ Be a lazy Google millionaire. Earn 64 an hour from home. Get 250 business cards free.These are just some of the 80-plus junk e-mail messages, known as spam, that are pouring into John Gembeckis inbox on a daily basis since he started looking for a job in July.Gembecki is sure that every piece of spam is a result of the resumes he put on Monster.com and other employment sites because he created a Gmail account for his job search that he doesnt use for anything else.Though Gembecki did find a new job through CareerBuilder in just five weeks, the experience of wading through the reams of spam while hoping one was from a genuine employer has him wary about job Web sites.Unlike spam that references Viagra or deposed Nigerian princes, job-related spam exploits neither lust nor greed but the simple desire to find gainful employment. News Sun, 28 Dec 08 10:33:58 -0800 http://www.spambully.com/news/blog/story/167/Spammers_prey_on_job_hunters/ http://www.spambully.com/news/blog/story/166/Beware_Holiday_e-Greeting_Cards_Digital_Hitchhikers/ Cyber crooks are once again blasting out fake holiday e-greeting cards in a bid their special kind of cheer. Also, there are signs that computer viruses may again be piggybacking on digital photo frames and other data storage devices that make popular holiday gifts.E-greeting scams are hardly new, but they tend to increase around major holidays, probably because consumers are more receptive to opening them at these times and because more people are home in front of their computers.Most of these e-greeting scams try to foist malicious software by claiming the recipient needs to install some application in order to view the card, such as Adobes Flash Player. Almost invariably, the downloaded program isnt a legitimate add-on, but malware.According to Symantec, some of the fake e-card domains being used in this scam include please dont visit any of these sites: http:itsfatherchristmas.com http:bestchristmascard.com http:whitewhitechristmas.com http:christmaslightsnow.com http:freechristmasworld.com News Fri, 26 Dec 08 23:37:09 -0800 http://www.spambully.com/news/blog/story/166/Beware_Holiday_e-Greeting_Cards_Digital_Hitchhikers/ http://www.spambully.com/news/blog/story/165/Flurry_of_spam_targets_FBI/ Consumers continue to be inundated by spam purportedly from the FBI. As with previous spam attacks, the latest versions use the names of several high ranking executives within the FBI and even the IC3 to attempt to defraud consumers. Many of the spam e-mails currently in circulation claim to be an official order from the FBIs Anti-Terrorist and Monetary Crimes Division, from an alleged FBI unit in Nigeria, confirm an inheritance or contain a lottery notification, all informing recipients they have been named the beneficiary of millions of dollars. To claim the large sum, recipients are instructed to furnish their personally identifiable information PII and are often threatened with some type of penalty, such as prosecution, if they fail to do so. Specific PII information requested includes, but is not limited to, the recipients name, banking information, telephone number and a copy of their passport. The spam e-mail allegedly from the IC3 states that the recipient has extorted money and will be given a limited amount of time to refund the money or face prosecution. Do not respond. These e-mails are a hoax. The FBI does not send unsolicited e-mails of this nature. FBI executives are briefed on numerous investigations but do not personally contact consumers regarding such matters. News Fri, 26 Dec 08 23:34:30 -0800 http://www.spambully.com/news/blog/story/165/Flurry_of_spam_targets_FBI/ http://www.spambully.com/news/blog/story/164/Fake_Christmas_holiday_greetings_spread_new_malware/ December 24, 2008 Computerworld New malware is spreading via Christmas and holiday greetings, security researchers said today, a tactic reminiscent of those used last season by the notorious Storm Trojan horse.Researchers at the Bach Khoa Internetwork Security Center in Hanoi, Vietnam, reported today that a new piece of malware, dubbed XmasStorm by the center, is spreading through holiday-themed spam.Touting subject lines such as Merry Xmas! and Merry Christmas card for you! the spam includes links to sites that purportedly host electronic greeting cards waiting for the recipients. In fact, the sites are serving up malware that hijacks the visiting PC, then installs a bot that waits for commands from the hacker controllers.Nguyen Minh Duc, manager of Bach Khoas application security group, said that XmasStorm originated in China. Hackers have registered at least 75 domain names relating to the malware campaigns holiday theme in the last month, including superchristmasday.com and funnychristmasguide.com. According to WHOIS searches, those domains were registered to a Chinese address on Dec. 1 and Dec. 19, respectively. News Thu, 25 Dec 08 21:27:49 -0800 http://www.spambully.com/news/blog/story/164/Fake_Christmas_holiday_greetings_spread_new_malware/ http://www.spambully.com/news/blog/story/163/Criminals_Switch_To_Malware_For_Online_Crimes/ In April, many scammers began to see problems with their phishing scams.Security researchers had spent time studying botnet networks and had become very good at blocking fraudulent emails.These scammers, also called phishers, known for the way they trick victims into giving up user names and passwords, have homed in on a new way to make money.Phishers have begun using browser plug-ins or other types of software. Instead of tricking victims to visit websites, they have started sending emails that come with malicious software. The software poses as a security update from a bank, and installs code that can steal banking credentials.According to Mickey Boodaei, CEO of Trusteer, a company that makes desktop security software used by banks, malicious software installs are on the rise among scammers.Were seeing a clear shift from phishing attacks, said Boodaei. News Tue, 23 Dec 08 21:27:24 -0800 http://www.spambully.com/news/blog/story/163/Criminals_Switch_To_Malware_For_Online_Crimes/ http://www.spambully.com/news/blog/story/162/PC_Got_a_Virus?_Consider_Getting_Help_Offline/ If you suspect or know your PC is infected with a virus, its probably wise to avoid purchasing anything using that computer until youre sure the machine is clean. That includes additional anti-virus or security products.Chances are the malicious software on your machine includes built-in ability to steal user names, passwords and other sensitive data from infected hosts.Recently, Ive heard from several people who used their credit or debit cards at the first sign of infection, to renew or upgrade their anti-virus protection when their existing software didnt work or failed to update. Also, in a Live Web chat a few weeks ago, one reader described how he stupidly went online and bought an anti-virus product after realizing hed infected his machine with a DNS hijacker Trojan.Consumers can be forgiven for such goofs: After all, they paid for security software, they expect rightly or wrongly to be protected, and yet still got hit with malware. News Tue, 23 Dec 08 21:25:43 -0800 http://www.spambully.com/news/blog/story/162/PC_Got_a_Virus?_Consider_Getting_Help_Offline/ http://www.spambully.com/news/blog/story/161/Spam_levels_down_then_up_in_Symantec_monthly_report/ Emailers around the world celebrated a 65-percent reduction in spam in their mailbox last month, but now, according to Symantec, the spam is back. According to Symantecs monthly Start of Spam report, its already regained most of its previous strength.On November 11, several network providers shut down McColo.coms Internet access, cutting off spammers ability to control much of the Rustock and Srizbi botnets. The Symantec probe network saw a 65-percent drop in spam within 24 hours.But Symantec Manager of Business Intelligence Dylan Morss, recently writing in a company blog, reports that it didnt last. At this point, spam volumes have slowly crept back up to 80 percent of their pre-McColo shutdown levels, he reports. The cause? Old botnets are being brought back online and potential new botnets are being created.Spam is now coming from all over the world, with the bulk originating in Brazil 22 percent, Russia 14 percent, the United States and Turkey 12 percent each, and China and India 11 percent each. News Tue, 23 Dec 08 21:23:18 -0800 http://www.spambully.com/news/blog/story/161/Spam_levels_down_then_up_in_Symantec_monthly_report/ http://www.spambully.com/news/blog/story/160/90%_of_worldwide_e-mail_is_a_spam_warns_Cisco_Report/ As long as cyber crime groups pursuing profiteering through the Internet are improving their skills so as to steal data from businesses, employees and consumers their online attacks are getting more sophisticated and harder to oppose, as noted in the 2008 edition of the Cisco Annual Security Report released this week. In its annual edition Cisco points out to the top security threats of the year providing recommendations on how to protect networks against attacks.This year the overall number of disclosed vulnerabilities grew 11.5% above 2007. Cisco notes that vulnerabilities in virtualization technology nearly tripled from 35 to 103 on a year-over-year basis. Attacks are becoming increasingly blended, cross-vector and targeted. Threats coming from legitimate domains rose 90% which is nearly double of what was observed a year ago. Meantime, malware infiltrated via e-mail attachments is decreasing in number. Within the period of the last two years the number of attachment-based attacks dropped 50% as compared with the previous two years of 2005 and 2006.Cisco warned against some specific threats that flooded the web space reporting that the number of spam messages sent daily makes up for 200 billion constituting thus 90% of the worldwide e-mail. While targeted spear-phishing represents about 1 percent of all phishing attacks, it is expected to become more prevalent as criminals personalize spam and make messages appear more credible. The growing danger is also being posed by botnets which are heavily deployed today by cyber criminals. Multiple legitimate web sites were infected this year with IFrames, malicious code injected by botnets that redirect visitors to malware-downloading sites. The use of social engineering to entice victims to open a file or click links continues to grow. More online criminals are using real e-mail accounts with large, legitimate Web mail providers to send spam. News Tue, 23 Dec 08 21:21:28 -0800 http://www.spambully.com/news/blog/story/160/90%_of_worldwide_e-mail_is_a_spam_warns_Cisco_Report/ http://www.spambully.com/news/blog/story/159/The_Internets_Naughty_Nine_Malware_Threats_of_2008/ Once again, the bad guys went after the curious, gullible and careless with lots of Web malware. Particularly malevolent were the attacks that relied on readers enthusiasm for all things Barack Obama, and their distress over the credit crisis.Below is a list of the most notable malware attacks in 2008, at least so far. The Naughty Nine and their descriptions are courtesy of MessageLabs, a security company that is now part of Symantec.Storm worm -- Storm was among the most aggressively spread malware of 2008. It enabled the formation of one of the largest botnets in history, estimated at 2 million compromised computers around the world at its peak.Search Engine spam -- In early 2008, spammers begin abusing search engine redirects, a technique allowing them to include a link from a search engine query within an email message. The link resolves to the spammers forged web site meaning that spammers could send messages without directly mentioning the spam web site thereby bypassing traditional anti-spam detection mechanisms which typically will not flag legitimate search engine sites as malicious links.CAPTCHA Breaks -- Hackers first broke webmail CAPTCHAs Completely Automated Public Turing Test to tell Computers and Humans Apart in February 2008. Once in, they were able to abuse free email services to send copious amounts of spam. As 2008 wore on, CAPTCHA breaking techniques continued to increase in sophistication and became the key to the spamming kingdom.Targeted Trojans -- Although they have been around for several years, new versions of Targeted Trojans are continuously evading Anti-virus systems due to their variation in code. The most memorable Targeted Trojans of 2008 spoofed a U.S. consumer advocacy site and the Olympic organizers. Since the beginning of 2008, targeted Trojan attacks have increased to approximately 80 per day.Web-based malware -- In April, cybercriminals used Web-based malware to take advantage of the opportunity to capitalize on computer users unfamiliarity with web-borne attacks. In July 2008, the number of new, malicious web sites blocked each day rose by 91 percent, taking the threat to its highest level. This surge was due to due to the number of websites linked to SQL injection attacks, where malicious JavaScript is downloaded to a visitor via the use of removed HTML tags. Hosted Applications Spam -- In May 2008, spammers uncovered the perfect way to spam using links to hosted online documents created under accounts with a major hosted applications service provider, which are not blocked by traditional spam filters. Srizbi -- Estimated at more than 1.3 million infected computers, Srizbi was responsible for 50 percent of all spam in 2008. It was the botnet behind Reactor Mailer spamware and also the botnet that spurred phishing scams spoofing some banks, marking a shift toward targeting smaller state banks and credit unions. Obama spam -- 2008 being an election year, political spam was rampant. Two bouts of spam used President Elect Barack Obama to lure recipients attention. The first spam cluster purported to sell watches or pills but spoofed email addressed from the following domains: barackobamaismyhomeboy.com and barackobamaisyournewbicycle.com, a popular website that intended to honor the presidential candidates altruism. The second run of Obama-related spam foreshadowed the outcome of the election using Obama subject lines 85 percent of the time and subject lines with McCain references 15 percent of the time.Credit crisis phishing scams -- As the credit crisis worsened, MessageLabs saw an increase in phishing attacks largely spoofing banks, in September and October. Between August and September, phishing attacks rose by 16 percent and by 103 percent between September and October. The subjects of the attacks were national banks and global banks, smaller state banks and credit unions and online retail sites. As change prevailed through the latter part of 2008, scammers took advantage of the frenzy surrounding the mergers and bailouts. News Mon, 22 Dec 08 09:30:42 -0800 http://www.spambully.com/news/blog/story/159/The_Internets_Naughty_Nine_Malware_Threats_of_2008/ http://www.spambully.com/news/blog/story/158/Kiwis_nail_a_Mr_Big_of_the_spam_world/ A New Zealand man living in Australia has agreed to pay fines totalling 92,715 after admitting his role in an international spam email operation said to be responsible for sending out billions of unsolicited emails in recent years.Lance Atkinson, 26, of Pelican Waters in Queensland, is also facing charges in the US where a court has frozen his assets at the request of the US Federal Trade Commission FTC, which also succeeded in having the spam network shut down.New Zealands Internal Affairs Anti-Spam Compliance Unit found Lance Atkinsons operation responsible for more than 2 million unsolicited electronic messages that were sent to New Zealand computers between 5 September 2007 and 31 December 2007.These emails marketed Herbal King, Elite Herbal and Express Herbal branded pharmaceutical products, manufactured and shipped by Tulip Lab of India. News Sun, 21 Dec 08 21:46:15 -0800 http://www.spambully.com/news/blog/story/158/Kiwis_nail_a_Mr_Big_of_the_spam_world/ http://www.spambully.com/news/blog/story/157/U.S._Computers_Generate_Most_Malware/ American websites host more malware and computers relay more spam than any other country, the latest security report showed.As evidence of this, when an American Internet company, accused of collaborating with spammers and hackers, was disconnected from the net in November, the level of spam staggered down 75 percent.The Security Threat Report 2009 was just published by Sophos, the U.K.-based IT security and control firm, which examined the threat landscape over the last twelve months, and predicted the emerging cybercrime trends for 2009.Too many compromised computersNot only is the U.S. relaying the most spam because too many of its computers have been compromised and are under the control of hackers, but its also carrying the most malicious Web pages, said Graham Cluley, senior technology consultant for Sophos. We would like to see the States making less of an impact on the charts in the coming year. American computers, whether knowingly or not, are making a disturbingly large contribution to the problems of viruses and spam affecting all of us today. News Sun, 21 Dec 08 10:12:41 -0800 http://www.spambully.com/news/blog/story/157/U.S._Computers_Generate_Most_Malware/ http://www.spambully.com/news/blog/story/156/New_law_puts_hefty_price_tag_on_spam/ STEVEN CARROLLBUSINESSES FOUND to be sending unsolicited e-mails and text messages could face fines of up to 250,000 under new legislation signed by Minister for Communications Eamon Ryan.The regulations, which come into effect immediately, relate to all unsolicited mail sent by e-mail, text message or fax. Unsolicited mail for direct marketing purposes will be treated as an indictable offence under the legislation.The new laws will allow the Data Protection Commissioner to refer serious breaches of the legislation for prosecution through the Circuit Court, where fines of up to 250,000, or 10 per cent of the offending companys turnover, may be imposed. The number of complaints made to the Data Protection Commissioner in relation to spamming increased from 66 in 2005 to 538 last year.Offenders were previously prosecuted in the District Court where the maximum fine was 3,000. This figure has now been increased to 5,000. Mr Ryan said spam was a serious threat to the internet, posing security risks and that such communications were a serious invasion of privacy.Unwanted communication, either by e-mail or to a mobile phone is more than a nuisance - it wastes money and energy, he said. Millions every year are lost to Irish companies through lost productivity as spam clogs inboxes and crashes servers, he said. News Sun, 21 Dec 08 10:11:01 -0800 http://www.spambully.com/news/blog/story/156/New_law_puts_hefty_price_tag_on_spam/ http://www.spambully.com/news/blog/story/155/USA_number_1_in_malware/ A new report has placed the U.S. at the top of the list for most websites hosting malware and the most computers relaying spam emails throughout the world.The spot was previously held by China last year, but due to a multitude of innovative attacks by cybercriminals this year, the U.S. how holds approximately 37 percent of the malware on the web, NetworkWorld.com reports. China hosts 27.7 percent.In terms of malware threats, SQL injection attacks against websites and the emergence of scareware were the biggest ones.The U.S. also distributed the most spam emails than any other country with 17.5 percent. This may come as a surprise to some, given the McColo takedown last month, which assisted dropping the amount of spam by approximately 65 percent, according to the website.As the year draws to an end, spam levels are almost at pre-takedown levels, rendering the McColo shutdown essentially inconsequential. News Sat, 20 Dec 08 20:57:40 -0800 http://www.spambully.com/news/blog/story/155/USA_number_1_in_malware/ http://www.spambully.com/news/blog/story/154/Hackers_Acting_Faster_Study_Concludes/ Zero-day malware accounted for 26 percent of blocked threats in November, says web security firm ScanSafe.In its monthly Global Threat Report, ScanSafe said the rate of zero-day malware blocks increased in November to 26 percent of blocks, compared to 16 percent in October. The number is also significantly higher than the 19 percent average reported for the year.In a zero day attack, hackers are faster than software vendors and security providers by exploiting vulnerabilities before vendors have time to fix them.The most recent zero day attack was the Internet Explorer browser exploit. The vulnerability was found and then mistakenly released by Chinese researchers. The result was an explosion of attacks. Microsoft released an emergency patch on Tuesday, 17 December.Throughout November, attackers were more intent than ever on ensuring the malware they used would bypass traditional security measures, said Mary Landesman, senior security researcher at ScanSafe. News Sat, 20 Dec 08 20:55:57 -0800 http://www.spambully.com/news/blog/story/154/Hackers_Acting_Faster_Study_Concludes/ http://www.spambully.com/news/blog/story/153/Hackers_Acting_Faster_Study_Concludes/ Zero-day malware accounted for 26 percent of blocked threats in November, says web security firm ScanSafe.In its monthly Global Threat Report, ScanSafe said the rate of zero-day malware blocks increased in November to 26 percent of blocks, compared to 16 percent in October. The number is also significantly higher than the 19 percent average reported for the year.In a zero day attack, hackers are faster than software vendors and security providers by exploiting vulnerabilities before vendors have time to fix them.The most recent zero day attack was the Internet Explorer browser exploit. The vulnerability was found and then mistakenly released by Chinese researchers. The result was an explosion of attacks. Microsoft released an emergency patch on Tuesday, 17 December.Throughout November, attackers were more intent than ever on ensuring the malware they used would bypass traditional security measures, said Mary Landesman, senior security researcher at ScanSafe. News Sat, 20 Dec 08 20:55:08 -0800 http://www.spambully.com/news/blog/story/153/Hackers_Acting_Faster_Study_Concludes/ http://www.spambully.com/news/blog/story/152/As_phishing_evolves_criminals_switch_to_malware/ The scammers began to see serious problems with their phishing scams sometime around April.Thats when they started realizing that more and more of their phoney phishing e-mails were being blocked. Security researchers had spent the previous year closely studying botnet networks of infected computers and they were getting pretty good at blocking many of the fraudulent e-mail messages that were being sent from these systems.This was creating a problem for phishers -- online fraudsters who set up fake Web sites and try to trick victims into visiting them and giving up their user names and passwords. With fewer of their messages getting through, they had to send out more and more spam to work their scams.By August phishing gangs homed in on a new way to make a buck.Instead of asking people to visit a fake Web site, more and more phishers began asking victims to install browser plug-ins or other types of software. To pull this off, theyd send e-mail that comes with malicious software thats supposed to be a security update from a bank. Sometimes theyd simply purchase time on infected botnet computers and install code that steals banking credentials from machines that had already been hacked. News Fri, 19 Dec 08 22:53:28 -0800 http://www.spambully.com/news/blog/story/152/As_phishing_evolves_criminals_switch_to_malware/ http://www.spambully.com/news/blog/story/151/Its_Virus_Season:_Fight_The_Malware/ Q: I love the Web, but hate worrying about viruses, spam, spyware, trojans and worms. What can I do?A: These malicious intruders called malware not only threaten your computers security, but also slow your computer.Anti-virus software, though not infallible, can kill many of the pests on your computer and keep others from setting up shop. You can pay a bundle for that protection, or you can get free downloads. But does the freeware work?The for-pay anti-virus software, such as Norton Antivirus 2009 40 symantec.com, stays more up to date on the latest malware than the free anti-virus downloads, so they can be worth the cost.But combining smart Web surfing with free anti-virus software can give you a lot of protection.Whichever approach you choose, remember that although its annoying to fight malware, its a lot less annoying than trying to salvage an infected computer. News Fri, 19 Dec 08 22:46:41 -0800 http://www.spambully.com/news/blog/story/151/Its_Virus_Season:_Fight_The_Malware/ http://www.spambully.com/news/blog/story/150/Hong_Kong_Man_Pleads_Guilty_in_Spam_Scam/ A Hong Kong resident has pleaded guilty in a U.S. federal court for his part in a scam where tens of millions of spam emails were sent, artificially pumping up the stock price of Chinese companies between 2004 and 2006.According to media reports in the U.S., How Wai John Hui, a resident of Hong Kong and Vancouver, was the CEO of U.S.-based China World Trade, one of the companies whose stock was inflated as a result of the scam. As part of his plea agreement with prosecutors the 50-year-old businessman could face a sentence of between 63 and 78 months in jail.While theres been a significant drop in pump-and-dump stock manipulation spam since this alleged conspiracy, its still encouraging to see authorities pursue cases like this, and bring the perpetrators to justice, said Graham Cluley, senior technology consultant at Sophos. Without punishment, the cybercriminals may be tempted to revisit old techniques and this will cause more trouble for computer users.Hui might be part of spam kings gangAs in many cases of cybercrime that we encounter today, Hui wasnt working alone, said Sophos. In fact, he is believed to have been part of a gang which included the notorious Alan Ralsky who was previously accused of being the worlds biggest spammer, Sophos added. News Fri, 19 Dec 08 22:42:05 -0800 http://www.spambully.com/news/blog/story/150/Hong_Kong_Man_Pleads_Guilty_in_Spam_Scam/ http://www.spambully.com/news/blog/story/149/Cybersecurity_researchers_spot_the_first_spyware_for_Apples_smart_phone./ Careful, iPhone users: Your smart phone may be smarter than you think.On Thursday researchers at Finnish cybersecurity firm F-Secure said they have spotted the first known instance of iPhone spyware called Mobile Spy, a piece of commercial software that sells for 99 a year.Mobile Spy developer Retina-X Studios says the software can invisibly track the call logs, text messages and even the GPS data of any iPhone its installed on, allowing the eavesdropper to track the users whereabouts on a Web site that hosts the stolen data.Mobile Spy will reveal the truth for any company or family, the companys site advertises. You will finally learn the truth about your family members or employees call, mobile-Web and text-message activities by logging into your Mobile Spy account from any computer. The worlds first iPhone spy software!Smart phone spyware for other platforms isnt new: Commercially available spyware for Windows Mobile and Symbian operating systems have existed for years. But Mobile Spys software is the first spyware vendor to target Apples nasdaq: AAPL - news - people growing marketshare in the telecom world. News Thu, 18 Dec 08 20:23:39 -0800 http://www.spambully.com/news/blog/story/149/Cybersecurity_researchers_spot_the_first_spyware_for_Apples_smart_phone./ http://www.spambully.com/news/blog/story/148/Spam_e-mail_a_growing_threat_Cisco_report_find/ A stunning 90 percent of all e-mails are spam, according to a new Cisco Systems study that estimated 200 billion messages a day are phishing for personal information, double the volume of 2007.Wendy Ash of Corralitos is all too familiar with the problem.She recently got an e-mail saying her account at Union Bank was blocked, asking her to click to get more information. The message was a fraud, and could have led her into a phishing Web site. Employees at the bank told her there was nothing they could do.I just want to warn people, said Ash, who was a victim of identity theft last year when someone got access to her checking account to make several hundred dollars worth of purchases online.Online and data security threats are growing in sophistication and are more difficult to detect, the Cisco report stated.In many cases, online criminals rent or steal lists of valid e-mail addresses and thus can personalize outgoing messages. This makes it easier to tempt even savvy Internet users into typing in login names, passwords, and other sensitive information. News Thu, 18 Dec 08 20:19:35 -0800 http://www.spambully.com/news/blog/story/148/Spam_e-mail_a_growing_threat_Cisco_report_find/ http://www.spambully.com/news/blog/story/147/Microsoft_Releases_Critical_Patch_For_IE_Zero_Day_Flaw/ Microsoft NSDQ:MSFT issued an out-of-band emergency patch Wednesday for a zero-day Internet Explorer vulnerability that has opened the door for hackers to install malware on susceptible computers without any user intervention.The flaw, which is given the highest severity rating of critical, affects all versions of Microsofts IE Web browser. Specifically, Microsofts IE update affects versions of Windows 2000 for IE 5.01: XP, XP Professional, Server 2003 for IE 6 and XP, Server 2003, Vista, Server 2008 for IE 7. The vulnerability was reported after the release of Windows IE 8 Beta 2, but Microsoft still recommends in its advisory that users apply the patch.The IE security problem is the result of a fundamental flaw in the browsers data binding function, which ultimately leaves a hole in the memory space that can be accessed by remote hackers. Internet Explorer can then quit unexpectedly while in an exploitable state.Unlike other exploits, users have only to visit a malicious site infused with Trojans or other malware in order to become infected. Hackers can also entice victims to visit a specially crafted site, usually via some kind of phishing or social engineering scheme, or place infected banner ads on legitimate Web sites. News Thu, 18 Dec 08 10:40:54 -0800 http://www.spambully.com/news/blog/story/147/Microsoft_Releases_Critical_Patch_For_IE_Zero_Day_Flaw/ http://www.spambully.com/news/blog/story/146/Get_that_bug_outta_my_hard_drive!/ KUSA - If your laptop or desktop is down to a crawl, chances are its full of bugs. On 9NEWS 5 a.m. we talked to one of the top experts around on how to get em out.Spyware, adware and malware are growing virus threats. Some of it gets in because of flaws in popular browsers, most recently Microsofts Internet Explorer. Some of it gets in because people are lax about running scans to find them.We talked to David Perry, global education director for Trend Micro. He says the latest Explorer problem can be fixed by downloading a new patch that Microsoft is making available.For more advice on tools to see if youve got a virus, click on the video link at the right to watch our interview. News Thu, 18 Dec 08 03:31:49 -0800 http://www.spambully.com/news/blog/story/146/Get_that_bug_outta_my_hard_drive!/ http://www.spambully.com/news/blog/story/145/Holiday_season_brings_out_worst_in_cybercriminals/ Santa might know when youre being bad this time of year, but theres a guy in Ukraine more interested in figuring out your bank-account password and user name.Actually, there are a lot of guys around the world filled with the holiday spirit, working overtime trying to steal your financial information.Cybercriminals the ones trying to trick you into giving them your bank-account number or infect your computer with software to steal the information introduce more scams, viruses and spyware this time of year, say many of the people who monitor online crime.Theres a component of cybercrime that is seasonally variable, said Michael Barrett, chief information officer at PayPal. There are three times as many phishing e-mails beginning the day before Thanksgiving, and we see a reduction after Christmas until after New Years.Phishing, an identity verification scam, starts with an e-mail asking that the recipient update account information at a financial site. News Thu, 18 Dec 08 03:29:35 -0800 http://www.spambully.com/news/blog/story/145/Holiday_season_brings_out_worst_in_cybercriminals/ http://www.spambully.com/news/blog/story/144/Personalized_spam_rising_sharply_study_finds/ SAN FRANCISCO AP Yes, guys, those spam e-mails for Viagra or baldness cream just might be directed to you personally. So, too, are many of the other crafty come-ons clogging inboxes, trying to lure us to fake Web sites so criminals can steal our personal information.A new study by Cisco Systems Inc. found an alarming increase in the amount of personalized spam, which online identity thieves create using stolen lists of e-mail addresses or other poached data about their victims, such as where they went to school or which bank they use.Unlike traditional spam, most of which is blocked by e-mail filters, personalized spam, known as spear phishing messages, often sail through unmolested. Theyre sent in smaller chunks, and often come from accounts the criminals have set up at reputable Web-based e-mail services. Some of the messages are expertly crafted, linking to beautifully designed Web sites that are bogus or immediately install malicious programs.Ciscos annual security study found that spam is growing quickly nearly 200 billion spam messages are now sent each day, double the volume in 2007 and that targeted attacks are also rising sharply. News Thu, 18 Dec 08 03:27:19 -0800 http://www.spambully.com/news/blog/story/144/Personalized_spam_rising_sharply_study_finds/ http://www.spambully.com/news/blog/story/143/Social_networking_malware:_Protect_yourself/ As social networking tools change the way we communicate, spammers have begun turning their attention to services such as Facebook and MySpace, tricking users into installing viruses, launching fraudulent websites and deploying malware throughout their computers and networks, accoring to a a new report by MessageLabs.While spamming via e-mail services remains prevalent, spammers see social networks as the new horizon, says Matt Sergeant, senior anti-spam technologist at MessageLabs. Spammers have managed to set up phony social networking accounts, according to MessageLabs, by breaking the protections set in place by a safeguard known as CAPTCHA Completely Automated Public Turing test to tell Computers and Humans Apart, the letters you normally have to type in when you register for a website that says Are you a human?Luckily, if youre wading in the social networking pool, you can revisit some core security principles in order to protect yourself from spammers and other characters on Facebook who can ruin your computer or identity, Sergeant says. News Tue, 16 Dec 08 21:32:56 -0800 http://www.spambully.com/news/blog/story/143/Social_networking_malware:_Protect_yourself/ http://www.spambully.com/news/blog/story/142/Man_is_guilty_in_Spam_King_case/ DETROIT -- A Hong Kong businessman pleaded guilty Tuesday to federal fraud and money laundering charges in a massive Internet fraud scheme allegedly masterminded by Michigan Spam King Alan Ralsky.How Wai John Hui, 50, a Canadian citizen who lived in Vancouver and Hong Kong, is the third of 11 defendants to plead guilty and agree to testify against Ralsky and others.John Hui, 50, a Canadian citizen who lived in Vancouver and Hong Kong, is the third of 11 defendants to plead guilty and agree to testify against Ralsky and others. Ralsky is the accused ringleader in a conspiracy by which tens of millions of unsolicited e-mail messages were sent to fraudulently pump up the prices of Chinese stocks held by him and his co-conspirators. Ralskys attorney, Steve Fishman, has said Ralsky will fight the charges. A jury trial is set for September.Hui, who could face more than six years in prison when he is sentenced in October, was the Chinese connection and the CEO of one of the companies whose stock was artificially inflated as a result of the fraud, Acting U.S. Attorney Terrence Berg said.The Internet makes it so much easier to reach this worldwide pool of victims, Berg said. When you combine that with the ability to pump up stocks through sending millions of messages and being able to manipulate the market, that means a lot of profits for the bad guys and a lot of harm to the victims. News Tue, 16 Dec 08 21:29:55 -0800 http://www.spambully.com/news/blog/story/142/Man_is_guilty_in_Spam_King_case/ http://www.spambully.com/news/blog/story/141/Spam_to_hit_record_levels_in_2009/ IT security firm Barracuda Networks is predicting that spam volumes will rise to more than 95 per cent of all email in 2009, despite a crackdown on several major spam outfits in recent months.The companys research found that spam levels in 2008 remained largely unchanged compared with the previous year, making up between 90 and 95 per cent of total email attempts.However, the growing use of botnets could push this figure over the 95 per cent mark next year, according to Barracuda.As the end of the year quickly approaches, many are asking if spam levels can get any worse in the new year, said Stephen Pao, vice president of product management at Barracuda.There are a couple factors that we predict may cause spam to increase slightly in 2009, but it is equally important to note that the level of legitimate email is also increasing each year. News Tue, 16 Dec 08 21:25:47 -0800 http://www.spambully.com/news/blog/story/141/Spam_to_hit_record_levels_in_2009/ http://www.spambully.com/news/blog/story/140/About_90_percent_of_all_email_is_spam:_Cisco/ SAN FRANCISCO AFP Armies of hijacked computers are flooding the world with spam as hackers devise slicker ways to take over unwitting peoples machines, according to a Cisco report.Virus-infected computers are woven into botnets used to attack more machines and to send specious sales pitches to email addresses in low-cost quests to bilk readers out of cash.Every year we see threats evolve as criminals discover new ways to exploit people, networks and the Internet, said Cisco chief security researcher Patrick Peterson.Junk email referred to as spam accounts for nearly 200 billion messages daily, approximately 90 percent of email worldwide, according to a Cisco Annual Security Report.The United States is the biggest source of spam, accounting for 17.2 percent of the messages. Turkey and Russia ranked second and third, accounting for 9.2 percent and 8 percent of spam respectively, according to Cisco. News Tue, 16 Dec 08 21:20:40 -0800 http://www.spambully.com/news/blog/story/140/About_90_percent_of_all_email_is_spam:_Cisco/ http://www.spambully.com/news/blog/story/139/Report:_Hackers_Will_Be_Bolder_Smarter_Craftier_in_2009/ Malicious computer hackers will utilize better technological and psychological techniques in the year ahead, according to a security report from equipment vendor Cisco. Targeted attacks, cross-vector attacks and a rise in threats originating from legit domains are the reports most concerning trends.As malware writers and Internet attackers become more sophisticated, 2009 looks to be a year of more focused attacks by profit-driven criminals bent on stealing data from businesses, employees and consumers.Networking firm Cisco Nasdaq: CSCO Latest News about Cisco Systems released its annual Threat Report Monday, citing a nearly 12 percent increase in the number of disclosed vulnerabilities over 2007 and a tripling of vulnerabilities in virtualization Consolidate Mac Servers. Run Windows Server on your Mac. Watch a Demo or Download a Trial. technology since last year.Targeted attacks and blended, cross-vector assaults, along with a 90 percent growth in threats originating from legitimate domains, top this years list of the most worrisome new trends plaguing computer users, according to the report.Attackers are changing tactics, leaving infected attachments behind for more specialized methods. Malware volume propagated via e-mail attachments declined by 50 percent from the previous two years 2005-2006, noted Cisco researchers. News Mon, 15 Dec 08 19:43:05 -0800 http://www.spambully.com/news/blog/story/139/Report:_Hackers_Will_Be_Bolder_Smarter_Craftier_in_2009/ http://www.spambully.com/news/blog/story/138/Cisco_Report_Spotlights_Worldwide_Cyber_Security_Threats/ Cisco NASDAQ: CSCO today released a security report that warns that Internet-based attacks are becoming increasingly sophisticated and specialized as profit-driven criminals continue to hone their approach to stealing data from businesses, employees and consumers. In the 2008 edition of the Cisco Annual Security Report, the company identifies the years top security threats and offers recommendations for protecting networks against attacks that are propagating more rapidly, becoming increasingly difficult to detect, and exploiting technological and human vulnerabilities.Every year we see threats evolve as criminals discover new ways to exploit people, networks and the Internet. This years trends underscore how important it is to look at all basic elements of security policies and technologies, said Patrick Peterson, Cisco fellow and chief security researcher. Organizations can lower their risk of data loss by fine-tuning access controls and patching known vulnerabilities to eliminate the ability for criminals to exploit holes in infrastructures. It is important to upgrade applications, endpoint systems and networking equipment to help ensure that corporate systems run smoothly and minimize risk.Peterson describes some key threat trends that gained prominence in 2008 in three video blogs posted today:1. Overview of the Report: http:www.youtube.comwatch?vlGy1myxIDu02. Botnets http:www.youtube.comwatch?vtvfdj6OD4bk3. Reputation Hijacking http:www.youtube.comwatch?vGZ_1oRSZhL8 News Mon, 15 Dec 08 09:19:34 -0800 http://www.spambully.com/news/blog/story/138/Cisco_Report_Spotlights_Worldwide_Cyber_Security_Threats/ http://www.spambully.com/news/blog/story/137/Malware_madness_and_spammers_in_the_slammer:_The_year_in_cybercrime/ One of the most disturbing cybercrime trends in 2008, many security analysts say, has been the emergence of a full-blown underground economy where credit card information, identity theft information, and spam and phishing software are all available for relatively low prices. View our slide show of 2008s biggest tech crime storiesSecurity software company Symantec became the latest company to raise red flags about what it called the underground server economy last month, when it issued a report estimating that roughly 276 million worth of goods and information is available on online black markets. Credit card data accounted for 59% of the information available for sale on underground servers, Symantec reported, with identity theft information 16%, server accounts 10%, financial accounts 8% and spam and phishing programs 6% trailing far behind.Whats even more unnerving than the availability of this information is its low price. According to Symantec, bank account credentials are selling for 10 to 1,000, while information about financial Web sites vulnerabilities sell for an average 740. If all the stolen information available on the servers were exploited successfully, it would bring in about 5 billion, Symantec estimates.One big reason this data is more widely available is that writing malicious code has grown from a hobby for many hackers into a full-time job where code writers make a living stealing information and selling it over underground server systems, says Dave Marcus, security research and communications manager at McAfee Avert Labs. News Sun, 14 Dec 08 20:33:35 -0800 http://www.spambully.com/news/blog/story/137/Malware_madness_and_spammers_in_the_slammer:_The_year_in_cybercrime/ http://www.spambully.com/news/blog/story/136/Todays_sneaky_viruses_require_extra_precautions/ The malware assault on our PCs escalated in 2008, according to antivirus vendor F-Secure. The companys threat summary for the second half of 2008 reports that F-Secure added 1 million virus definitions to its database this year, a threefold increase from the number of viruses the Finnish security vendor detected in 2007.Todays malware authors arent just looking to cause trouble theyre after your money and personal information, which these days are synonymous. Attacks are only going to increase in number and sophistication. If you thought you could avoid an infection by staying away from questionable sites, downloads, and e-mail links, youre mistaken.The only way to play it safe is to assume the worst. Thats why I spent several hours last week disinfecting a notebook computer that probably wasnt infected in the first place.It all started when I decided to run a free online virus scan on my notebook. I use a top-rated security suite thats set to update its virus definitions and other settings automatically, so I was confident the scan would come up empty. Im not going to name either product because I dont want this post to be construed as a recommendation one way or the other.Unfortunately, after a complete system check, the online virus service told me it found two suspicious files on my notebook. The scanners option to remove the files was grayed out, and the option to skip them was recommended. News Sun, 14 Dec 08 20:31:26 -0800 http://www.spambully.com/news/blog/story/136/Todays_sneaky_viruses_require_extra_precautions/ http://www.spambully.com/news/blog/story/135/Spam_levels_rise_again_after_McColo_fallout_fades/ December 15, 2008 Computerworld Spam volumes are creeping up again after plummeting four weeks ago when a rogue hosting company was yanked off of the Internet.IronPort Systems Inc., a maker of e-mail security tools, said that spam volumes last Tuesday reached 96.8 billion messages, over 30 billion more than were sent in the days following the Nov. 11 takedown of McColo Corp. by its primary Internet service providers.An average of 190 billion spam messages were sent daily in the month prior to the shutdown of McColo for allegedly harboring cybercriminals running some of the biggest spam-spewing botnets.Joe Stewart, director of malware research at SecureWorks Inc., said botnets that were mostly unaffected by McColos disappearance are responsible for the resurgence. News Sun, 14 Dec 08 20:29:28 -0800 http://www.spambully.com/news/blog/story/135/Spam_levels_rise_again_after_McColo_fallout_fades/ http://www.spambully.com/news/blog/story/134/Cyber_thieves_busy_during_holiday_season/ With holiday shopping in full swing, everyone is out looking for a steal. And that includes criminals.Internet users will get the usual barrage of offers that are too good to be true. Some will be deals, but others will be duds in the form of cyber criminals.These bad guys will multiply their efforts this year to get shoppers to give out personal information, according to experts at Trend Micro, an Internet security firm. The struggling economy is giving crooks more incentive for ripping people off and stealing their identity online.Just how prevalent is online crime? Try 3 billion taken by scammers last year, Trend Micro reports.This time of year, shoppers are more aggressive to sign up for a bargain and the crooks know this, experts say. News Sat, 13 Dec 08 22:14:03 -0800 http://www.spambully.com/news/blog/story/134/Cyber_thieves_busy_during_holiday_season/ http://www.spambully.com/news/blog/story/133/Koobface_Virus_Spreads_to_Bebo/ A virus thats attacking Facebook users is also infecting other social networking sites, says ScanSafe.Koobface tricks social networkers into downloading malicious malware onto their PC. Users receive messages that look as if theyre videos. Often they say something like you look funny. When the user clicks to see the video, he is taken to a new website and asked to download special software in order to see the video.That software is malicious and once installed on a PC, the Trojan will direct users to hoax search engines and other websites, putting them at risk of ID theft.According to ScanSafe, Koobface has been identified on Bebo and could even spread to other social networking sites including - MySpace and Friendster. ScanSafe also claims that the virus accounts for one percent of all its blocked malware. News Sat, 13 Dec 08 09:04:30 -0800 http://www.spambully.com/news/blog/story/133/Koobface_Virus_Spreads_to_Bebo/ http://www.spambully.com/news/blog/story/132/Economies_of_Scale_in_the_Spam_Business/ Erik Larkin, PC WorldPC WorldSaturday, December 13, 2008 12:19 AMBarak Obama Is on the Verge of Death!This header on a piece of pre-election spam had credibility problems spelling the candidates first name correctly might have helped, but it got peoples attention. It was one of a slew of junk-mail blasts that used campaign-related topics to trick unwary readers into opening the message. This particular missive carried an image that, when clicked, jumped credulous recipients to an online pharmacy site.Hackers SmokeOther pre-election spam promised nude pictures of a candidates wife, blamed the death of a perfectly healthy public figure on President Bush, or warned that The State is in peril. Each example captured by antispam company Cloudmark shows spammers trying to make their mass-mailings more enticing by fronting them with fake headlines about prominent people in the news. But who falls for this garbage?The good news is that few people do. An infiltration of spam networks by researchers offers a rare glimpse into spam conversion rates--the percentage of people who respond to each displayed online ad, piece of direct mail, or spam sent. According to the study, Spamalytics: An Empirical Analysis of Spam Marketing Conversion, only 1 in 12.5 million pieces of spam ended up snaring someone foolish enough to buy from a fake online pharmacy. But even that minuscule response rate is enough to reward spammers with a tidy profit.A host of quiet cookie trackers and other tools help marketers gauge the conversion rate for banner ads and the like, but such numbers for spam are normally very difficult to obtain. To overcome this problem, computer science researchers at University of California campuses in Berkeley and San Diego effectively hijacked a portion of the Storm botnet, which uses a huge network of malware-infected PCs to send spam and conduct other dirty business. News Fri, 12 Dec 08 21:01:55 -0800 http://www.spambully.com/news/blog/story/132/Economies_of_Scale_in_the_Spam_Business/