Help | Contact | Forum | Affiliates | Press
Purchase
Download
Features
Screenshots
Demo
McAfee is looking into a problem with a service in its SaaS Endpoint Protection software that appears to be allowing computers to serve as open proxies for sending spam, the company told CNET today. "We are aware of the issue and have both threat analytics and development teams diligently analyzing the problem and possible solutions," the company said in a statement. "We will have more information on the issue shortly." A public relations representative said she was attempting to get more information on the matter but did not get back to CNET by the end of the work day. The problem was reported by McAfee customers on the Web who complained that their e-mails were being blocked by e-mail providers and their IP addresses were being blacklisted for sending spam. The problem appears to be in the RumorServer Service myAgtSvc.exe, McAfee Peer Distribution Service, which is part of McAfee SaaS Endpoint Protection Suite, previously known as Total Protection Service, according to the Kaamar Blog. The technology, used for delivering updates to computers without a direct Internet connection, serves as an Open Proxy on Port 6515, which effectively opens the computer up to being used by spammers to use the computer to send spam to other sites that looks like it is coming from that IP address, the blog post says. The Kaamar blog first detected a problem on January 4 when e-mail was returned undelivered with a message saying "Our system has detected an unusual rate of unsolicited mail originating from your IP address."
Hackers are increasingly targeting child-focused gaming websites, according to a leading anti-virus firm. Avast says it detected malware threats at more than 60 sites that contained "game" or "arcade" in their title, in the 30 days running up to 12 January. It says the pages tried to download Javascript infections, redirectors and potentially unwanted software. The Czech company says that young children are often less careful than adults about what they click on. "These are sites with mini-games, including flash applications and simple online apps - one example is software that allows girls to dress and change the clothes of characters," Ondrej Vlcek, the firm's chief technical officer, told the BBC. Avast says the most visited site affected - cutearcade.com - had generated more than 12,600 infection reports from its protection software as of last week. The company says a Trojan on the site had redirected users to linuxstabs.com, a known distribution point for malware. Cutearcade.com's owner Two Point Oh, registered to the British Virgin Island of Tortola, did not respond to requests for comment. At the time of writing the site no longer triggered a malware warning.
Scores of Twitter accounts have been posting tweets promoting weight-loss programmes in a new spam attack that even included ANC Youth League spokesperson Floyd Shivambu and City Press editor Ferial Haffajee. Shivambu's account @floydns sent out numerous spam tweets with suspicious-looking links on Sunday, all promoting weight-loss. The spam also included direct messages with similar content. City Press editor Ferial Haffajee's account (@ferialhaffajee) was also compromised, as she “tweeted”: “Want to lose any weight? go here: http://mediareadonline.com best product for losing weight.” Haffajee was, however, quick to pick up the spam and tweeted to her followers: “Sorry, I've been hacked. I think you're gorgeous just as you are, of course.” Weight-loss spam on Twitter is nothing new, however, and there have been numerous similar spam attacks in the past. Last year, an attack that started on instant messaging services also infected Twitter with a proliferation of messages with links to weight-loss products. As with the current proliferation of spam, the previous attacks made use of URL shortening services often used on Twitter such as TinyURL in order to mask the spam link.
A new form of virus—dubbed social media virus or social spam—has companies like Facebook and Twitter working around the clock to prevent hackers from exploiting their social networks. Hackers have become adept at creating fraudulent profile accounts from which to launch large scale spam attacks. A new Social Spam Index created by Imperium, a start-up company devoted exclusively to fighting social spam, indicates that as much as 40% of public profiles across social networks are now fraudulent. Roughly 400 million Facebook users, for example, are victimized by social spam each day. And TechCrunch reported earlier this month that one of Imperium’s social network clients experienced a spam attack in which 300,000 fraudulent accounts were created in one hour, resulting in 475,000 spam messages to legitimate community members. Compared to email spam, the problem of social spam as a percentage of overall traffic remains relatively small. The Wall Street Journal recently reported that 4% of Facebook posts and 1.5% of Tweets are now spam related. In contrast, more than 70% of all email is currently spam. However, email spam is trending downward (from 92.2% in August 2010) as preventive measures have become more sophisticated and better at blocking email attacks. Consequently, spammers are turning their attention to social networks. Facebook, which says that the volume of spam is outpacing its user base, now blocks 200 million spam-related actions daily. Social viruses involve a number of troubling tactics. Among other things, hackers infiltrate social networks by creating false, often alluring profiles. They then target users who accept their friend invite, simultaneously sending spam across their personal network. The spam spreads further as other users do the same. Additionally, social spam is more deceptive than common email spam because it can make it look like your “friends” are recommending articles, items, and deals. Spammers also use major news events, often emotionally charged, to lure in users. Perhaps the most sophisticated and potentially dangerous social spam involves malware. Hackers dupe users into unwittingly downloading malware, effectively gaining control over their computers. In addition to sending out multiple spam messages, malware tracks users’ online presence, peers in on chat sessions, and even mines personal information.
Spammers are no strangers to new technologies, and as true marketers, would do everything to achieve the objectives of their marketing campaign. Security researchers from WebSense, have detected a spam campaign using QR codes. Scanning the QR code with a QR reader will load the pharmaceutical spam URL in the browser. More details: The spam email messages look like traditional pharmaceutical spam emails (image 1) and contain a link to the Web site 2tag.nl. This is a legitimate Web service that allows users to create QR codes for URLs. Once the 2tag.nl URL from the mail message is loaded in the browser, a QR code is displayed, along with the full URL that the QR code resolves to on the right (image 2). When the QR code is read by a QR reader, it automatically loads the spam URL(or asks before loading, depending on which flavor of QR reader you have installed) (images 3 and 4). This isn’t the first time that cybercriminals use QR codes to spread scams and malicious content. In September, 2011, security researchers from Kaspersky Lab discovered a malware campaign relying on QR codes for spreading of mobile malware.
The latest variant of Ramnit, the Windows malware responsible for the recent theft of at least 45,000 Facebook logins, is the latest example of how malware writers and cyber-criminals take "off-the-shelf" hacks and bolt them together to teach old viruses new tricks. Facebook passwords aren't the only thing that the Ramnit virus can grab—thanks to the integration of some of the code from the Zeus botnet trojan, Ramnit can now be customized with modules for all manners of remote-controlled mayhem. "Ramnit is an interesting beast," said Amit Klein, CTO of web security services firm Trusteer in an interview with Ars. "Until last summer, it was just a generic worm spreading around by infecting files. Then they retrofitted it with financial fraud capabilities." The evolved version of Ramnit is a potent threat to enterprises, he said, because it can capture any data in a web session—and as more companies move to web-based software as a service for enterprise applications, that could include almost anything. First sighted by researchers in 2010 in its initial form, Ramnit spreads by attaching itself to Windows executable files (.EXE. .SCR and .DLL files) as well as to HTML documents. In some variants spotted earlier this year by Microsoft researchers, it also attached itself to Microsoft Office documents. Versions have also been spotted that install themselves onto USB drives when they're connected, and create an Autorun script that launches the virus' installer when the drive is plugged into another PC.
The Japanese government has been quietly developing a cyberweapon since 2008, which reportedly is able to track, identify and disable sources of online attacks, one report stated. According to The Daily Yomiuri on Tuesday, the cyberweapon is a three-year project to research and test network security analysis equipment production and was helmed by the country's Defense Ministry's Technical Research and Development Institute, which is in charge of weapons development. The goverment agency then outsourced the project to Fujitsu, which won the bid to develop the malware cyberweapon and a system to monitor and analyze cyberattacks, for 178.5 million yen (US$2.3 million). The malware has since been tested in a closed network environment, the report added. It also pointed out that while cyberweapons are already in use by countries such as the United States and China, there is no provision within Japan's existing legislation on foreign attacks to allow the use of cyberweapons against external parties. As such, the Defense Ministry and Foreign Ministry have begun legislative consideration regarding the matter, according to unnamed sources cited by The Daily Yomiuri. The virus has the ability to trace cyberattack sources beyond the immediate source to all "springboard" computers used in the transmission of the virus "to a high degree of accuracy" for distributed denial-of-service (DDoS) attacks, the report noted. It can also disable the attack and collect relevant information.
AUSTRALIA'S second-biggest online broking business, ANZ's E*Trade, was forced to shut down over Christmas and New Year because of a ''malicious'' cyber attack from overseas. Thousands of emails bombarded the broking site in a ''denial of service'' attack. The lockout was first noticed by E*Trade customers trying to access the site from overseas, as the bank shut off access to all overseas users. It is believed that as risk assessments were done on individual countries, access was restored. An E*Trade spokesman said that, while the closure principally affected users overseas, there was ''intermittent access for customers in Australia on 19 and 20 December''.
Google has been accused of violating its own anti-spam rules by sponsoring hundreds of blog postings in an effort to promote Chrome, its web browser. The postings, which give glowing "reviews" to the software for use in small businesses, make it clear they are sponsored by Google. They also include sponsored links that work to promote the term “Google Chrome” in Google’s search results, however, in violation of its own rules against using spam to manipulate rankings. But the search engine company said the fault lay with a media buying firm called Essence Digital, employed by Google. In a statement, Essence Digital said: "We want to be perfectly clear here: Google never approved a sponsored-post campaign. "They only agreed to buy online video ads. Google have consistently avoided paid postings to promote their products, because in their view these kind of promotions are not transparent or in the best interests of users.
Police in India say they have arrested six foreign nationals suspected of defrauding hundreds of people using text message and email scams. Scam victims were duped after being told they had won a lottery. Authorities seized 14 laptops, seven memory sticks and 23 mobile phones, as well as fake documents and cash. The arrests come after security firm Kaspersky reported that India now sent more spam than any other country in the world. Police said the six men, all Nigerian, would be remanded in custody until 12 January. The arrests signal attempts to crack down on a growing cybercrime problem in the region. Mumbai-based internet security specialist Vijay Mukhi said poor enforcement of laws meant spammers could act with impunity. "We have an Information Technology Act that was introduced in 2000. But we don't have any convictions under it and it's silent on spam," he said.
