Nine in ten emails in circulation are spam, resulting in junk mail volumes not experienced since September 2007, according to the latest stats from email security services outfit MessageLabs. The abuse of free hosted domains is playing a major role in clogging users' in-boxes with get-rich-quick scams and penis pill offers, MessageLabs reports. The security services arm of Symantec noted that junk mail levels reached 90.4 per cent during May. That figure includes email from "new and previously unknown bad sources" so the actual raw figure is probably even higher. Most of the spam detected in May had little content beyond a subject line and valid hyperlink, sometimes linked to profiles on social networking websites. Often junk emails were sent through valid webmail hosting providers, rather than using spoofed addresses. Other rudimentary filter-evasion techniques include the use of Russian language characters in spam messages. "As spam levels continue to increase, we are seeing existing attack techniques combine and morph into one," said Paul Wood, MessageLabs Intelligence senior analyst at Symantec. "In 2008 CAPTCHA-breaking, social networking spam and the use of webmail for spamming all became popular tactics. Today, the bad guys are using the three together as a triple threat to heighten the effectiveness of their spamming."
Spammers seem to be working a little bit harder these days, according to Symantec, which reported Tuesday that unsolicited e-mail made up 90.4 percent of messages on corporate networks last month. That represents a 5.1 percent increase over last month's numbers, but it's nothing out of the ordinary. For years, spam has made up somewhere between 80 percent and 95 percent of all e-mail on the Internet. Symantec reported that nearly 58 percent of spam is now coming from so-called botnets -- networks of hacked computers that can be misused by criminals to steal financial information, launch attacks or send spam. The worst of the spamming botnets -- called Donbot -- generates 18.2 percent of all spam, according to Symantec. These botnet computers can be rented out on the black market by anybody, but in recent months some spammers have been moving away from botnets, experimenting with a new way to sneak their unwanted e-mail past corporate filters, according to Adam O'Donnell, a researcher with antispam vendor Cloudmark. "Some of the larger ISPs are seeing a lot of non-bot-driven spam," O'Donnell said. With these campaigns, the spammer will rent legitimate network services, often in an Eastern European country such as Romania, and then blast a large amount of spam at a particular ISP's network. The idea is to push as many messages as possible onto the network before any kind of filtering software detects the incident. Spammers are sending hundreds of thousands of messages per day using this technique, O'Donnell said.
Spam now accounts for 90.4 percent of all e-mail, according to a report released Monday from security vendor Symantec. This means that 1 out of every 1.1 e-mails is junk. The report also notes that spam shot up 5.1 percent just from April to May. Symantec's May 2009 MessageLabs Intelligence report reveals other disturbing trends, as well. Rather than just hijack disreputable Web sites, cybercriminals now favor older and well-established domains to host their malware. The report says 84.6 percent of all domains blocked for malicious content are more than a year old. One type of domain now especially vulnerable to threats is social networking, since most of the sites' content is created by users. "Spammers using better-known and thus more widely trusted Web sites to host malware is reminiscent of the spammers who rely on well-known Web mail and social networking environments to host spam content," said Paul Wood, Symantec's MessageLabs Intelligence senior analyst. "The trustworthy older domains can be compromised through SQL injection attacks while newer sites are more likely to be flagged as suspicious--a temporary site set up with the sole purpose of distributing spam and malware--and thus faster to get shut down." Where you live also determines when you're spammed, says the report. For people in the U.S., spam hits its peak between 9 a.m. and 10 a.m. and then drops overnight. Europeans get a solid stream of spam throughout the day, while users in Asia-Pacific countries find most spam waiting for them in the morning. One reason for this trend, says the report, is that most spammers are at their busiest during U.S. working hours. The popular CAPTCHA program, which asks the user to type in a series of random characters, is no longer proving as effective as once hoped. Many Web sites have relied on CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) to ensure that accounts are created by actual human beings.
Malware on Wednesday crippled Windows-based computer systems at the U.S. Marshals Service, which hunts federal fugitives and operates the country's witness protection program, knocking the agency's network offline. The agency's press office confirmed it was having network problems and that its e-mail system was down this morning, but it was unclear if the outage extended across the entire network. The press office said a statement would be issued today, but it has yet to be released. Per government regulations, agencies are required to report security incidents to the US-Computer Emergency Readiness Team (US-CERT). A call to CERT was not returned by press time. It was not clear if the malware was the cause of the network outage or if the agency took down systems to stem the spread of what was believed to be the Neeris worm, a new version of which appeared last month that copies Conficker's evil ways. The agency was running desktop anti-malware software, but it had not been updated for more than three years, even though the agency had paid for upgrades to newer versions that protect against Neeris. In addition, Microsoft has issued two patches, one in 2006 and one in October, to close the holes in its software exploited by Neeris.
A number of security organizations are offering tips to deal with the Gumblar drive-by exploit, which is growing ever more pervasive. Gumblar has spread rapidly because the malicious JavaScript on compromised sites seems to be dynamically generated. That is, it can be different on every site, or even on every page of a site. “This is just the most recent example of legitimate sites being exploited to spread malware,” Samantha Madrid, a Cisco security product manager, told SCMagazineUS.com on Thursday. “What is unique to Gumblar is that it uses a multi-phased approach to propagate itself. It does not just deliver malware to the end-user.” To deal with the problem, Cisco offers five tips to enterprises and web site operators. First, make sure security protection is implemented for web servers and web applications. Second, educate and alert users to pay attention to pop-ups that warn them they are about to proceed to a questionable site. Third, include client-side protection to establish a layered defense. Fourth, install gateway security that is capable of drilling down into every internet access request. And fifth, make sure perimeters are secured with auditable firewalls.
A new web-based malware attack comprising almost half of detected infections this week has been detected by IT security and control firm Sophos. Identified as JSRedir-R, the threat has been found targeting high traffic legitimate websites, surreptitiously loading malicious content from third-party sites. It has been detected by Sophos six times more often than Mal/Iframe-F, which has been the most widespread web-based threat for over a year. "No one should be in any doubt that the web is still the main vector of attack for cybercriminals, and this new threat suggests this situation isn't going to change anytime soon," said Graham Cluley, senior technology consultant, Sophos. The malware, said Sophos, can be used to steal sensitive information, commit identity theft or meddle with search engine results. "The problem is that too many computer users still think there's no danger in surfing the web, but with legitimate sites often falling victim to these attacks, it's time to wake up. Hackers won't stop targeting the web as it's proving a successful way for them to spread their infections. To combat this, it's essential to scan every website for malicious code before visiting it," Cluley added.
Three cybersecurity groups said Tuesday they plan to band together to combat the growing scourge of malware. The Anti-Spyware Coalition, National Cyber Security Alliance, and StopBadware.org said the Chain of Trust Initiative will link together vendors, researchers, government agencies, network providers, and other groups involved in internet security. The members said they want to establish a united front against malware suppliers in much the way groups coalesced to successfully fight providers of adware several years ago. "Organization and collaboration are our best tools against an enemy that doesn't play by any rules," StopBadware.org's manager, Maxim Weinstein, said in a statement announcing the alliance. "Just by nature of how the internet works, malware distributors have a technological advantage, but we can respond by strengthening our shared networks and by better understanding our shared responsibilities." Maybe so, but it's clear that the participants have their work cut out. While the groups are looking to the success the ASC, or Anti-Spyware Coalition, had in the past few years driving Gator, Zango and other adware and spyware purveyors out of business, fighting malware crooks will be a different thing altogether. Unlike most of the adware pushers, malware organizations don't tend to be legal entities located in the US.
MANILA, Philippines--The global pandemic caused by the swine flu and US President Barack Obama’s first 100 days in office were the top spam topics for the month of May, a report from Symantec showed. In its “State of Spam” monthly report, Symantec noted a sudden spread of swine flu related spam on the first day of May, when the A(H1N1) virus was reported to be spreading globally. Some spam email had attachments containing malware (malicious software) disguised as legitimate PDF files, aimed at fooling readers into thinking that they contained relevant information on how to protect oneself from the spread of the virus. The report also stressed that spammers are latching onto the popularity of US President Obama. For the month of May, the Internet security firm saw an exceptionally large volume of spam traffic as Obama neared his first 100 days in office. Other spam topics included Mother’s Day, where spammers exploited the event’s popularity, tricking people into downloading malware disguised as information about gifts for mothers.
In an attempt to stay one step ahead of security companies, the Gumblar web attack has jumped over to using a new domain to pull its malicious software. Gumblar, so-named because it infected benign Web sites with attack code that attempted to install malware from a "gumblar" domain onto visitors' computers, has switched to using a "martuz" domain instead, according to ScanSafe, which originally reported the attack. Symantec confirmed the switch in its own post. The attack, which primarily uses stolen FTP logins to spread itself to new sites, continues to spread according to US-CERT, but ScanSafe says its growth appears to be slowing down. If you run your own Web site, the company suggested using a free scanning service that can help identify whether your site has been hijacked by Gumblar or another drive-by-download attack. The useful Unmask Parasites service is still in beta, and will only report Gumblar-hijacked sites as suspicious, according to Gumblar, but it will catch an infected site. To guard your own PC against the Gumblar attack code, see my earlier post about the exploits used in the assault. Most importantly, make sure you have the latest Adobe, Flash and Windows patches.
A Web attack that poisons Google search results is getting worse, according to security researchers. The attack first relies on compromising normally legitimate websites and planting malicious scripts. US-CERT reports that stolen FTP credentials are reckoned to be the main technique in play during this stage of the attack, but poor configuration settings and vulnerable web applications might also play a part. Surfers who visit compromised websites are exposed to attacks that rely on well-known PDF and Flash Player vulnerabilities to plant malware onto Windows PCs. This malware is designed to redirect Google search results as well as to swipe sensitive information from compromised machines, according to early findings from ongoing analysis. The SANS Institute's Internet Storm Centre (ISC) adds that the attack has been around for some time but has intensified over recent days. Initially the malware was served up onto vulnerable Windows clients from the website gumblar.cn, which has been offline since Friday. A second domain - martuz.cn - has taken over this key role in the attack, ISC reports.
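As an added example (not code from any of the reports or vendors quoted above), a small Python scanner a site operator could run over their own pages to flag the injection pattern the Gumblar items describe: external script or iframe sources on the gumblar.cn and martuz.cn hosts, and inline scripts built from eval/unescape chains, which is what a dynamically generated loader that differs from page to page tends to look like. The sample page fragments are constructed here, and the scoring threshold is an assumption.

```python
import re
from html.parser import HTMLParser
# Malware-host domains named in the reports above; extend with your own blocklist.
KNOWN_BAD_DOMAINS = {"gumblar.cn", "martuz.cn"}

class _ScriptCollector(HTMLParser):
    """Collects external <script>/<iframe> sources and the body of each <script>."""
    def __init__(self):
        super().__init__()
        self.external, self.inline, self._in_script = [], [], False
    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag in ("script", "iframe") and src:
            self.external.append((tag, src))
        if tag == "script":
            self._in_script = True
            self.inline.append("")           # new buffer for this script's body
    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False
    def handle_data(self, data):
        if self._in_script:
            self.inline[-1] += data          # body may arrive in several chunks

def _host(url):
    # Host of an absolute or protocol-relative URL; None for a relative path.
    m = re.match(r"^(?:https?:)?//([^/:?#]+)", url.strip(), re.I)
    return m.group(1).lower() if m else None

def obfuscation_score(js):
    """Count eval/unescape-style constructs and long %xx or \\xNN escape runs typical of generated loaders."""
    pats = (r"\beval\s*\(", r"\bunescape\s*\(", r"String\.fromCharCode",
            r"document\.write\s*\(", r"(?:%[0-9a-f]{2}|\\x[0-9a-f]{2}){8,}")
    return sum(len(re.findall(p, js, re.I)) for p in pats)

def scan_html(html):
    """Return findings for one page as (kind, detail) tuples; [] if nothing is flagged."""
    p = _ScriptCollector()
    p.feed(html)
    findings = []
    for tag, src in p.external:
        h = _host(src)
        if h and any(h == d or h.endswith("." + d) for d in KNOWN_BAD_DOMAINS):
            findings.append(("known-bad-domain", f"<{tag} src={src}>"))
    for js in p.inline:
        if obfuscation_score(js) >= 2:   # assumed threshold: a single hit is common in legitimate code
            findings.append(("obfuscated-inline-script", js.strip()[:60]))
    return findings
# Constructed sample fragments (not real captures): a Gumblar-style injection and a clean page.
SAMPLE_INFECTED = '<script src="http://martuz.cn/"></script><script>eval(unescape("%66%75%6e%63%74%69%6f%6e%20"))</script>'
SAMPLE_CLEAN = '<script src="/js/site.js"></script><script>var x = 1;</script>'
```

Run it against a local copy of the web root; a hit on the domain list is conclusive, while an obfuscation hit only says the script deserves a manual look.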