
SpamBully News Posts

3 hours ago

'Here You Have' Virus E-Mail Spreads Online

Here you have... a royal pain in the neck. A global e-mail virus spammed inboxes this afternoon, slowing -- and in some cases halting -- work at offices around the world as employees watched their inboxes inexplicably fill with e-mails under the subject line "Here you have." Some workers were forced to go without e-mail altogether, as the flood of spam put their services out of commission. Organizations including NASA, Comcast, AIG, Disney, Procter & Gamble, Florida Department of Transportation and Wells Fargo are just a few of the organizations apparently affected by the worm, which appears to have sent out hundreds of thousands, if not millions of e-mails. When contacted by ABCNews.com, security firm McAfee said it was investigating the attack but confirmed that it had affected corporations around the world. Although McAfee did not disclose how widespread the attack was, around 4 p.m. Thursday afternoon, the subject of the spam e-mail, "Here you have," was the second hottest search on Google trends. Dmitri Alperovitch, vice president of threat research at McAfee, told ABCNews.com that the company was investigating the attack.




3 hours ago

Microsoft wins court order crushing mighty spam botnet

A federal magistrate judge has recommended that Microsoft be given ownership of 276 internet addresses used to control “Waledac,” a massive botnet that the software company has been working to bring down. The recommendation by Magistrate Judge John F. Anderson of the US District Court for Eastern Virginia is a victory in Microsoft's experimental campaign to wrest control of one of the net's biggest menaces. The effort, which commenced in February, has combined technical and legal maneuvers in an attempt to disrupt Waledac, which was once one of the 10 biggest botnets and a major distributor of spam. Just a few weeks after the launch of Operation b49, as Microsoft dubs the takedown, as many as 90,000 zombie PCs lost contact with the command and control channels used to send malware updates that keep them infected. It was the result of a novel move, in which Microsoft lawyers sought a temporary order that seized control of 277 domain names used to administer the channels. “To date, we have seen virtually no reemergence of Waledac traffic,” Jeff Williams, principal group program manager for Microsoft's Malware Protection Center, wrote on Wednesday. “This puts the Waledac takedown among a very few successful efforts to shut down a botnet without having it re-emerge.”




2 days ago

Microsoft gets legal might to target spamming botnets

SEATTLE — With a judicial assist, Microsoft has perfected a new superweapon to shoot down botnets, the engines cybergangs use to deliver malicious Internet attacks. The U.S. District Court of Eastern Virginia last week granted a motion that, in effect, gives Microsoft permanent ownership of 276 Web domains once used by the Waledac cybergang to send instructions to hundreds of thousands of spam-spreading PCs. Cybersleuths and attorneys at Microsoft's digital crimes unit actually decapitated the Waledac botnet in February by persuading District Court Judge Leonie Brinkema to issue a temporary restraining order to take the 276 domains offline. Brinkema's order was unusual because the owner of the domains could not be reached and thus did not have a day in court to protest, says Microsoft senior attorney Richard Boscovich Sr. With permanent ownership of the domains, Microsoft now has a proven legal means to take aim at U.S.-registered domains — including .com, .net, .biz and .org domains — shown to be conducting criminal activity. "It's open season on botnets," says Boscovich. "The hunting licenses have been handed out, and we're coming back for more." The Waledac botnet was a major source of spam and PC infections, at its peak in 2009 delivering 1.5 billion spam messages daily. Microsoft added detection and filtering for Waledac infections to its free malicious software removal tool. But cleaning infected PCs one by one did not stop the command PCs.




2 days ago

New Spam Attack Exploits Facebook Flaw

Security experts have discovered a new breed of Facebook attack that exploits a vulnerability on the platform to auto-post spam links on users' walls. According to internet security firm F-Secure, spam messages get posted on victims' walls the moment they click on a compromised link. “A clever spammer has discovered a Facebook vulnerability that allows for auto-replicating links. Until now, typical Facebook spam has required the use of some social engineering to spread,” the company said. Security firm Sophos explained that once users click on the link, the fake application gets automatically added to their profiles, as well as getting posted as their status message on their friends' wall. Experts are predicting that typical Facebook social engineering spam attacks will be soon replaced by this new kind of auto-replicating spam attack. Tech news site Cnet reports that Facebook has been quick to respond to the threat and has already plugged the vulnerability that caused the spam to spread automatically. Read more: http://www.itproportal.com/portal/news/article/2010/9/8/new-spam-attack-exploits-facebook-flaw/#ixzz0ywozJYzh




5 days ago

Fake Antivirus Software Uses Ransom Threats

Fake antivirus programs appear to be adopting some of the money-raising tactics of more threatening ransom malware, security company Fortinet's latest threat report has found. The most prevalent malware variant during August was TotalSecurity W32/FakeAlert.LU!tr, a malicious program that masquerades as antivirus software in order to sell worthless licenses for non-existent malware. On its own it accounted for 37.3 percent of all malware threats detected by the company during the month. Unlike standard fake antivirus programs, however, the new version of TotalSecurity takes the ruse a stage further by preventing any application other than a web browser from running, claiming they are "infected." The user is invited to have the infection cleaned by buying the bogus TotalSecurity product. Adding an extra layer of sophistication to its arsenal -- and no doubt aware how quickly bogus antivirus software is blocked by genuine security products -- TotalSecurity can now vary the downloads it feeds to a target PC using server-side polymorphism. Put another way, the exact version downloaded to a victim's PC will constantly change, which makes detection harder. "This is a technique typically seen with botnets, such as Waledac, and has been picked up by the developers of TotalSecurity. This is another example of how relying purely on antivirus is not a silver-bullet approach to protecting systems from infection," said Fortinet's threat research head, Derek Manky. According to Fortinet, such attacks demonstrate the vulnerability of PC-based antivirus software. A layered defence would have a better chance of detecting TotalSecurity by either intercepting the initial spam used to spread it or by blocking the download website.




5 days ago

Apple Ping network slammed with spam

Earlier this week, Apple launched a platform called Ping, which is built into the latest iteration of iTunes. Ping is a sort of Facebook or MySpace for iTunes people: You can use the service to share your favorite songs and videos, suggest content to friends, and search for concerts and events in your area. But Ping has gotten off to a rocky start. First, Mashable reported that many people were having problems accessing Ping. Then there were some integration issues with Facebook. Now comes news that Ping is being flooded by spam messages – many of which, ironically, appear to be the kind of iPhone and iPad advertisements that so often show up on Facebook feeds. "Most of the security industry has been pointing out the migration of spam from an email-only venture to blog/forum comments, Facebook, Twitter and other Web 2.0 platforms," Chester Wisniewski writes today on the Sophos blog. "But apparently Apple didn't consider this when designing Ping, as the service implements no spam or URL filtering. It is no big shock that less than 24 hours after launch, Ping is drowning in scams and spams." OK, so the problems for Ping are daunting. But are they enough to sink the fledgling social network? Probably not. Apple has pushed past bad launches before. Back in June, of course, Apple released the iPhone 4, which was greeted warmly by reviewers, but skewered in the press for an apparent problem – the "death grip" – with the wraparound antenna. Much noise ensued, and eventually, Apple CEO Steve Jobs announced that Apple would issue free bumper cases to all eligible consumers. Problem solved, more or less.
"Despite the waves of controversy that surrounded the iPhone 4 within days of its launch, the latest Apple release is outperforming almost every other smart phone in the industry in terms of overall customer satisfaction and meeting owners' expectations," researchers at a site called ChangeWave wrote in August, noting that the vast majority of customers were happy with their iPhone 4 handsets.




1 week ago

FCC must make ISPs crack down on spammers and malware

CSO - The Federal Communications Commission (FCC) is asking for help in developing a "Cybersecurity Roadmap," an ambitious plan to identify dangerous vulnerabilities in the Internet infrastructure, as well as threats to consumers, businesses and governments. The one piece of advice I will offer the commission is to begin measuring the responsiveness of Internet service providers (ISPs) and hosting companies in quashing malicious threats that take up residence on their networks. This is an imperative first step to prevent attacks on the Internet infrastructure, in addition to making the Internet a friendlier place for users. The FCC said that it is seeking comments on how to proceed with the roadmap, which is part of the commission's National Broadband Plan to roll high-speed Internet services to more Americans. The commission made the request at almost the same time as the Pew Research Center's Internet & American Life Project issued its finding that more than half of Americans disagree with federal efforts to expand broadband deployment, an effort for which the Obama administration has allocated more than $7 billion. The Pew report came as the FCC was releasing data showing that most Americans who are paying for high-speed access aren't getting anywhere near the Internet speeds they've been promised. Here's my proposal: Instead of spending billions to squeeze even more people onto already overloaded high-speed lines, the commission should spend its resources trying to improve the security, privacy and satisfaction of people already using these networks.




1 week ago

China requires ID to buy mobile phone numbers

BEIJING — China began requiring identification on Wednesday from anyone purchasing a new mobile phone number in what it says is a bid to stamp out rampant junk messages but that some say gives the government a new tool for monitoring its citizens. The rules apply to everyone, including foreigners visiting China for a short stay, the China Daily newspaper reported. The paper said the regulation was "the latest campaign by the government to curb the global scourge of spam, pornographic messages and fraud on cellular phones." Low-cost mobile phone SIM cards are readily available in China, offered for sale at convenience stores, newspaper stands and at airport kiosks. Users could previously buy cards anonymously with cash and use them right away, a system that has made it difficult to track down spammers. The China Daily said that mobile users in China receive an average of 43 text messages a week, including 12 that are spam. The ID requirement is raising new privacy concerns and will likely upset some customers unwilling to give personal information to vendors and telecom companies for fear it will be resold, said Duncan Clark, managing director of BDA China Ltd., a technology market research firm. Wang Songlian, research coordinator with the Hong Kong-based Chinese Human Rights Defenders, said the new requirement fits a pattern of tightening government control over new communication technologies.




1 week ago

Huge Spamming Botnet Injured but Still Alive

A botnet responsible for a significant amount of spam has been crippled but may reconstitute itself in a matter of weeks, according to vendor M86 Security. The Pushdo or Cutwail network of hacked computers ranked in the top five or so botnets for spam, responsible for as much as 10 percent of all spam, said Ed Rowley, product manager for M86 Security. The spam often advertises fake software, so-called designer goods and questionable pharmaceutical products. But security analysts with the computer security company LastLine took action last week, contacting ISPs that were hosting the command-and-control infrastructure for the botnet. About 30 servers at eight hosting providers were found to be supporting Pushdo. LastLine contacted the ISPs, and about 20 of the servers were taken offline, according to its blog. Some ISPs, however, were unresponsive. Spam levels have dropped, Rowley said. LastLine's action "will almost certainly have a positive effect for two to three weeks," Rowley said. But "the spammers will be able to find other hosting providers where they will be able to get their systems up and running." LastLine appears to have taken down parts of Pushdo and Cutwail, which work together, wrote Atif Mushtaq of FireEye's Malware Intelligence Lab, in a blog post. Pushdo is a Trojan. Once it infects a computer, it often downloads Cutwail, a piece of malware capable of spamming as well as downloading other bad programs.




1 week ago

25% Of Malware Spread Via USB Drives

Forget the firewall. About 25% of malware today is designed to spread via USB storage devices that connect directly to PCs. The number comes from Panda Security, which recently surveyed 10,470 small and midsize companies -- those having up to 1,000 computers -- in 20 countries. Roughly half said that their organization had been infected by malware at least once in the previous year, and in the United States, 27% said the origin was a USB device. "Much of the malware in circulation has been designed to distribute through these devices," said Luis Corrons, technical director of PandaLabs. "Not only does it copy itself to these gadgets, but it also runs automatically when a USB device is connected to a computer, infecting the system practically transparently to the user. This has been the case with many infections we have seen this year, such as the distribution of the Mariposa and Vodafone botnets." Comparatively speaking, Panda found that 21% of malware originated via email and 14% from downloads or peer-to-peer networks. Infection-wise, the report also found that in the United States, the number of organizations reporting a malware infection over the past year increased slightly from 2009 to 2010, from 44% to 46%. In Europe in the same timeframe, however, infections declined from 58% to 49%. Viruses are still the most seen type of malware, accounting for an average of 45% of the malicious code that makes its way inside the network. Spyware, meanwhile, accounts for 23%. According to the report, however, 13% of small and midsize businesses don't have any security systems in place, with 57% of them saying their organization didn't regard security as a priority. For companies with security in place, they overwhelmingly (97%) do use antivirus software, with about one-third using free antivirus software aimed at home users. Personal firewalls are also quite popular, while anti-spam technology is not.