There is a new security threat for Web users to watch out for, and its name is JSRedir-R. This threat, according to IT security and control firm Sophos, has blown all previous Web-based malware out of the water. It "is currently being found six times more often than its nearest rival", said Sophos. Because of this new threat, Sophos sees one new infected Web page every 4.5 seconds -- three times more than in 2007, it said. JSRedir-R has been found on high-traffic legitimate websites. According to the security company, JSRedir-R loads malicious content from third-party sites (including one called Gumblar.cn, inspiring some security vendors to dub the threat 'Gumblar') without users' knowledge. The malware can then be used to steal sensitive information for financial gain, to commit identity theft or to meddle with search engine results. A Sophos report said that during the last seven days, almost half of all malicious infections found on websites were caused by Troj/JSRedir-R. Mal/Iframe-F, which has been the most widespread Web-based threat for more than a year, accounted for just seven per cent of infections this week.
The recent introduction of the Electronic Consumer Protection Act, Canada's long-awaited anti-spam bill, has been greeted with initial all-party support in the House of Commons. The bill just passed second reading, with committee hearings the next step in the legislative process. Looking ahead, the big fight seems destined to focus on the government's desire to establish a comprehensive regime with tough penalties that apply to most commercial communications to consumers. Consumer groups will likely welcome the reforms, while some business and marketing organizations may paint a gloomy picture of the costs associated with the new regulations. The bill strives to address most Internet-related consumer harms. These include email and text message spam, software programs that are secretly installed on users' computers (spyware), the use of emails and websites that trick users into thinking they are visiting a trusted site (phishing), as well as the use of computers infected by viruses to send spam (botnets). If enacted into law, the ECPA would make it illegal to send an electronic commercial message without the prior consent of the recipient. This would create an "opt-in" system, whereby, subject to certain exceptions, marketers would have to obtain consumers' consent before sending them commercial messages. Moreover, marketers would be required to meet several form requirements including identifying the sender and providing a mechanism to allow consumers to unsubscribe from receipt of further messages.
Security researchers are warning that Internet users who install pirated versions of Microsoft's latest Windows 7 operating system may also be installing malicious software. Experts at Atlanta-based security firm Damballa say they first noticed hacked versions of the Windows 7 release candidate available on peer-to-peer file-sharing networks and newsgroups last week, shortly after the OS was released to developers. Damballa found that computers with the tainted versions of Windows 7 were programmed to silently reach out to an Internet server to check for further updates, which in this case is a piece of malware that Kaspersky Antivirus calls Win32.Banload.cdk. "The first thing this does is phone home and get a list of additional malware to install," said Tripp Cox, vice president of engineering at Damballa. Damballa managed to grab control over the server that's contacted by the pirated Windows 7 versions -- codecs.sytes.net -- which is how it knows how many new, compromised installations are requesting the malware. As of Monday afternoon, the company had tracked 3,452 compromised systems hitting the site, with a peak of more than 550 new infections per hour on Sunday.
You are how you e-mail: A new technique can tell people apart using only the timestamps in their Sent folders. In the interactive, real-time world of Twitter, blogs and World of Warcraft, timing is one of the most salient aspects of social behavior. Now, researchers at Northwestern University and Yahoo Research in New York show that they can distinguish and categorize people based solely on the timestamps of their e-mails, paving the way for smarter advertisements, spam filters and social networking sites. “You can’t track everything an individual is doing at every hour of the day,” said Dean Malmgren of Northwestern University, lead author of the study posted May 11 on the pre-publication physics repository, arXiv. “But this shows that with just a snapshot of what they’re doing — knowing what time they send their e-mails — you can actually get meaningful information.” Of particular interest to Yahoo is a more effective way to catch spammers. Between 80 and 90 percent of all e-mail in the world is spam. Spam isn’t just obnoxious, it also uses up bandwidth, storage space and time. In 2009, spam may cost $42 billion in the United States and $130 billion worldwide — and that doesn’t include the money scammed from gullible internet users like Citigroup. Spam filters and spammers are engaged in a perpetual arms race, with spammers constantly changing their domains and IP addresses and disguising dirty words. But spammers have a major limitation: In order to send their millions of e-mails, they need bots. If a temporal model of e-mail behavior can distinguish between different people, it can also distinguish people from nonpeople. “Any novel way to identify spammers makes a huge contribution,” said Jake Hofman of Yahoo Research. “Even if you just reduce it by a small percent, that’s a big win.”
This is more or less an extension of my last post about the Twitter 'porn name' game. That specific Twitter example is just one instance of a larger issue of privacy and security. In its infancy, spyware started with less malicious, but still ethically challenged, intentions. From its origins as adware, the idea was to monitor the Internet behavior and web-surfing habits of users in order to collect information that could be used to more effectively target marketing efforts. Rather than displaying a banner ad for high-end running shoes to everyone on the Web, the ad can be targeted so that it is only displayed to those individuals who have expressed interest in running. It reduces the amount of money being spent on marketing and increases the potential response rate. Spyware has since evolved to carry out far more malicious activities, and the line between the different forms of malware has more or less blurred. But a new form of marketing research is emerging in the form of these memes and online quizzes on social networking sites such as Facebook, MySpace, or Twitter. It is fun to read responses from your friends and long-lost classmates about what their favorite songs are, where they grew up, what kind of animal their first pet was, what their favorite hobbies are, etc. From that perspective, it is one of the things that makes social networking social. It is interesting to learn these types of details about people you have known for years without ever discovering what their favorite color is, or what the last book they read was. The downside is that all of that information can also be searched on Google and aggregated and correlated by marketing firms, or malicious attackers. These are the kinds of questions that help marketing firms target you with ads that are more in line with your interests, and also the kinds of questions that help attackers gather key information they can use to guess or compromise your passwords.
A PC World article titled "The Hidden Secrets of Online Quizzes" directs readers to "just look at RealAge, a detailed quiz that assigns you a 'biological age' based on your family history and health habits. The site, a recent investigation revealed, takes your most sensitive answers -- those about sexual difficulties, say, or signs of depression -- and sells them to drug companies looking to market medications." Beware the information you share in these online quizzes. At the very least, be aware of the risks and consequences of sharing such information and don't use the hospital you were born in as a security question if you also answered that question in an online quiz.
The Facebook bugs just keep on swarming. If the combination of my Facebook inbox and Twitter chatter is any indication, there's yet another bug (or whatever you want to call it) floating around on the social networking site. It's not the recent nasty bug Koobface, it's not mygener.im and, as far as I can tell, it's not even Boface.BJ. This time the link, which in my case came in messages titled "Hello," leads to sites with names like 151.im and 121.im. When you navigate to those addresses (and it seems people are, despite the very odd names), you will find a near-exact replica of the Facebook login page. You are, of course, prompted for your login and password. And once you give those, you, sir, have been hooked by the phishermen. Facebook did not immediately respond to a request for comment. The site has long been known for its resistance to spam: Users can only send messages to one another, so outside solicitations are kept out. But now that a new bug seems to infiltrate Facebook every week or two, the nuisance level of using the site's messaging system has increased considerably. A reasonable question would be: Is the company doing anything to nip these viral spambugs in the bud before they spread? Update, 11:31 a.m.: Facebook has responded: "This is a phishing attack. We’re well aware of it and are already blocking links to these new phishing sites from being shared on Facebook. We’re also cleaning up phony messages and Wall posts and resetting the passwords of affected users. We think this is related to the fbaction.net/fbstarter.com campaign of a couple weeks ago. You can read more about how we respond to phishing in our recent blog post here: http://blog.facebook.com/blog.php?post=81474932130." -- David Sarno
Several news outlets (including eWEEK and Washington Post) are reporting on a new piece of malware embedded into pirated copies of Microsoft’s Windows 7 for the express purpose of building a botnet. According to researchers at Damballa, the bootleg copies of the new operating system have been posted on torrent sites and were infecting downloaders at a rate of 552 users per hour. WaPo’s Brian Krebs writes: "Damballa managed to grab control over the server that’s contacted by the pirated Windows 7 versions — codecs.sytes.net — which is how it knows how many new, compromised installations are requesting the malware. As of Monday afternoon, the company had tracked 3,452 compromised systems hitting the site, with a peak of more than 550 new infections per hour on Sunday." There is evidence that the pirated packages of Windows 7 were released on torrent sites on April 24 and were live for at least 16 days before Damballa killed the command-and-control. That puts estimates at about 27,000 installs, eWEEK reports.
Last week, Kentucky Fried Chicken stores around the nation struggled to accommodate a surge of roughly 4 million new customers, after Oprah Winfrey told viewers of her show that they could get a free meal at KFC by printing out an Internet coupon. By most accounts, the marketing gimmick was a disaster, but it got me thinking about Oprah's sheer ability to mobilize the masses. I wondered: How much badness on the Internet would disappear overnight if Oprah suggested that her devotees download, install and run a set of free PC security scanning tools? Probably quite a bit, or at least enough to register a notable drop in global spam volumes, malicious software attacks and other activity that depends largely on remotely compromised PCs or "bots" to do most of the grunt work. Estimates of just how many systems are infected by bot programs vary widely, but even by the most conservative estimates, a similar response by 4 million Oprah viewers could make a huge difference. Some pundits -- like Google's chief Internet evangelist Vint Cerf -- have estimated the number of compromised PCs at 100 million to 150 million worldwide, or 25 percent of all PCs connected to the Internet. Most experts I know, however, think that number is too high. In a recent report on the Conficker worm, researchers at IBM estimated that roughly one out of every 25 PCs, or 4 percent of all PCs online, was infected with Conficker. Now, bear in mind that Conficker is just one family of bot programs out of dozens currently being used by malicious hackers to remotely control infected systems. But for the moment, let's use IBM's Conficker numbers, and assume that 4 million Oprah viewers were to install and run three very easy-to-use programs -- say Superantispyware, Malwarebytes, and Trend Micro's Housecall online virus scanner.
As more workers spend a greater part of their days on social networks like Facebook and Twitter, hackers have turned their energies toward spreading their malware across those services, harming workstations and company networks. That's the contention of a recent report that measured Web 2.0-targeted hacks occurring in the first quarter of this year and was conducted by the Secure Enterprise 2.0 Forum, an industry group aimed at enabling the safe use of social media in the workplace. Increasingly, hackers have turned their attentions away from e-mail, in part due to the fact people spend more of their time communicating with friends, family and colleagues over mediums like Facebook and Twitter. In addition, the e-mail environment has reached a level of maturity that makes the new frontier of social networks more attractive to hackers and spammers, says David Lavenda, a vice president at WorkLight, a vendor that sponsored the study. "E-mail is in a steady state," Lavenda says. "It's an electronic warfare game with spammers, filters and security tools, and it's reached some sort of status quo. With the new [social] tools, as people come online and get more involved with them, there is an opportunity to cause harm." The list of security hacks on Web 2.0 and social networking sites was impressive, the report found. Nearly one-fifth were caused by authentication hacking (where someone is able to gather user names and passwords). Others included database hacking (21 percent), content spoofing (11 percent) and cross-site scripting (XSS), an incident where malicious code runs on a webpage and eventually can enable phishing attacks.
The final release candidate for Microsoft's newest version of Windows was made available Tuesday, and infected pirated versions of the software are already making the rounds. On Thursday, Microsoft said that cybercriminals are distributing versions of the Windows 7 release candidate (RC) that contain malware designed to infect a customer's PC. In an interview posted at the company's official website, Joe Williams, general manager, Worldwide Genuine Windows at Microsoft, said that users should be wary. He pointed out that consumers face potential identity theft, system failures and unrecoverable data loss if they become victims. “Pirated software can contain malware and can threaten a user's personal privacy and information,” he said. As early as the last week of April, leaked versions of the operating system RC cropped up on torrent sites, and it's possible the compromised versions were among copies being downloaded from those sites. As to the problem of pirated software itself, Williams said that as many as a third of users worldwide may be running counterfeit copies of Windows, and a significant percentage of these people do not know the software is pirated.