Secure your digital surgical masks. Last week's phishing bug that bit many Facebook users is beginning to resurface this morning. Facebook users are receiving messages from friends today that ask them to visit the website, mygener.im. The site is marked as malicious in most modern browsers, so curious wanderers will receive a warning when attempting to visit the link. For those daring enough to continue on, the site redirects users through a series of Web domains, eventually landing on, at least for now, an address that doesn't seem to point anywhere. Today's incident appears to be directly related to last week's phishing outbreak when some Facebook users were duped into giving their passwords to scammers, Facebook spokesman Barry Schnitt wrote in an e-mail. "We’ve already blocked the URL from being shared on Facebook and it is now being deleted from inboxes and walls across the site," Schnitt wrote. "Anyone who ... ... shared this content will soon have their account password automatically reset." The takeaway is generally that anyone can make a page look like Facebook. So, be sure to check your browser's address bar to ensure you're on the correct site before plugging in a password.
According to a report by Panda Security, Trojans accounted for 73% of all malware created during the first few months of this year, and spyware growth has leaped to 13.15%, up from a 2.5% increase in the previous quarter. “We have seen a dramatic increase in the amount of spyware in circulation, aimed, in all likelihood, at saturating laboratories and consequently infecting more users,” says Jeremy Matthews, head of Panda Security's sub-Saharan operations. In certain instances, he says, cyber criminals have had success, citing the Virtumonde spyware, which infected more computers than any other malicious code in the first quarter of 2009, as an example. “This malware combines aspects of adware and spyware, monitoring users' Internet movements, rigging search engine results and displaying advertising banners and pop-ups for some products,” he says. According to Matthews, Taiwan continues to generate the most active malware (31.7%), with Brazil and Turkey occupying second and third place respectively, overtaking Spain and the US. He adds that Mexico has seen a lowering in the amount of active malware (17.95%), dropping almost 10% compared to the 24.87% active malware average recorded for the whole of 2008.
SAN FRANCISCO (AFP) — Hackers appear to be beefing up armies of "zombie" computers to recover from a major hit scored in the battle against spam email, according to software security firm McAfee. A McAfee report said that during the first three months of this year, nearly 12 million new computers were added to the ranks of machines infected with "malware" that lets cybercriminals use them to spew spam. The ominous news came with word that the amount of spam dropped 20 percent during the same period, evidently as a result of the elimination of a "McColo" spam-generating operation late last year. The rate of spam email dropped from an average 153 billion daily last year to 100 billion a day in March, according to the McAfee report released Tuesday. "Seems the bad guys are attempting to recover from last November's takedown of a central spam-hosting ISP by rebuilding their army," researchers said in a McAfee Threats Report for the first quarter of 2009. The United States unseated China as the country with the most "botnet-infected" computers, accounting for 18 percent of the world's "zombie machines" as compared with China's 13.4 percent, according to McAfee.
Spammers have turned back the clock and are recycling a years-old tactic by planting their messages in images, a security researcher warned today. Image spam, which hit a peak in late 2006 and early 2007, has made a comeback, said Holly Stewart, the threat response manager of IBM Internet Security System's X-Force team. After barely registering during most of 2008, image-based spam accounted for about 25% of all spam by the end of last month. "They're doing the same kind of image-based spam as in 2006 and 2007," said Stewart. "It's very surprising." It's surprising because spammers that rely on technological trickery rarely return to an older tactic once anti-spam vendors have figured out how to detect the junk mail. "But what they're doing now is exactly what they were doing before," added Stewart. When spammers first started using images rather than text, they were successful at slipping their pitches through filters, which were designed only to parse text and look for such things as links. Their success led to an explosion in image-based spam, with spammers and security firms playing a cat-and-mouse game for months.
The Conficker worm, which has set off many a recent security alarm bell, may just be a small fry, compared to the growing number of botnets, viruses, and worms infecting cyberspace. According to a report released on Tuesday from security vendor McAfee (PDF), cybercriminals have hijacked 12 million new computers since January with an array of new malware. This represents a 50 percent increase in the number of "zombie" computers over 2008. The United States now hosts the world's largest percentage of infected computers, 18 percent, according to the McAfee report. China is next on McAfee's list, hosting 13.4 percent of the world's infected PCs. "The massive expansion of these botnets provides cybercriminals with the infrastructure they need to flood the Web with malware," Jeff Green, senior vice president of McAfee Avert Labs, said in a statement. "Essentially, this is cybercrime enablement." The McAfee report doesn't minimize the danger from the Conficker worm but says other threats that haven't received media attention may pose greater risk. One piece of malware, the Vundo Trojan horse, has been especially active the past three months. Botnets using Web 2.0 technology via social networks also are on the rise. The recent Koobface virus infected thousands of Facebook users, for example, as it was passed along from friend to friend. Spam levels are threatening to rise again, the report adds. Spam had dipped 30 percent from its peak in the third quarter of 2008 after last November's shutdown of McColo, a major spam-hosting Internet service provider. But since then, the volume of spam has shot up 70 percent. McAfee expects that number to grow to its 2008 level, even though spammers are taking longer than expected to recover from the McColo takedown.
The Better Business Bureau has an advisory out warning that some e-mailers and Web sites are trying to play on swine flu outbreak panic. Mentioned were e-mails that purported to have news about swine flu but instead linked to online pharmacies, and a Web site selling a PDF "Swine Flu Survival Guide" for $99.95. Online security company F-Secure Corp. says more than 250 Web sites with the term "swine flu" were registered within the first few days after the outbreak was announced. The company "predicts that the scam artists are preparing to use such Web sites in a variety of different online scams." A couple of reminders: -- Don't click on links in suspicious e-mails; if you want to go to the site, type the address in the browser navigation bar instead. You can forward scam e-mails to spam@uce.gov. -- There's no vaccination against swine flu, so anyone trying to sell you one is lying. Get accurate information from the CDC. -- Update your anti-virus/anti-spyware software and install all operating system security patches. If your computer gets infected from spam anyway, you can report it to the Internet Crime Complaint Center.
The popular social networking site Facebook successfully fought off an attack from a piece of malware yesterday, the second attack this week. Facebook, which claims 200 million users, said the phishing scam tricked users into clicking on a link in the messages inbox that took them to a false Facebook Website where cyber-criminals were able to access their login information. The company said April 30 it was able to shut down the two malicious links at the core of the attack, fbstarter.com and fbaction.net. Facebook said it is also in the process of removing messages that refer to the link, which tricks users with the message “Look at this!” as well as resetting passwords for affected members. Wednesday’s attack, a similar worm, directed users to the site BAction.net. In the wake of the attacks, Facebook and brand protection firm MarkMonitor announced that Facebook is using MarkMonitor’s AntiFraud Solutions to supplement Facebook’s own in-house security efforts in protecting users against malware attacks. Facebook, which already uses MarkMonitor AntiFraud Solutions to help combat phishing attacks, is expanding its use of MarkMonitor to further protect Facebook and its users from ongoing malware attacks. Facebook threat analyst Ryan McGeehan said the company’s deep commitment to the safety of its millions of users requires a strong, proactive security strategy, best-of-breed technology and active engagement with industry leaders. “MarkMonitor demonstrated that it understood the complexity of the phishing issue we were facing so it was a natural next step for us to bolster our own security systems with their anti-malware solution,” he said.
A University of Missouri graduate student and his brother, an MU alum, as well as two others, were arrested Wednesday in connection with a massive E-mail spamming operation, the Missourian reports. According to police, the suspects allegedly developed an E-mail extracting program and collected more than 8 million student addresses from 2,000 universities and colleges. Using spam marketing campaigns, the suspects sold more than $4.1 million worth of products, authorities say. "Nearly every college and university in the United States was impacted by this scheme," said Matt Whitworth, acting U.S. attorney for the Western District of Missouri. "Illegal hacking and E-mail spamming wreaks havoc on computer networks. These schools spent significant funds to repair the damage and to implement costly preventive measures to defend themselves against future intrusions."
Is there money to be made from swine flu? The spammers think so - and they are already using 'swine flu' in email subject lines to try and bait unsuspecting web users to malware sites or to buy antiviral drugs. Researchers at McAfee have identified that 5% of global spam email now contains the phrase swine flu - an astonishing increase, given that the phrase had never appeared before Monday. Example subject lines: "Salma Hayek caught swine flu!", "Swine flu in Hollywood!", "First US swine flu victims!" McAfee analysed between 80m and 100m junk mails in the past month, and says part of the reason for the massive trend in the 'swine flu' term is that it is an international issue - and that has made it an international spam problem. Spammers in the US, Brazil and Germany accounted for half of the swine flu spam. For context, between 80bn and 170bn emails are sent every day and 78-90% of those are spam. Spammers use attractive subjects, like celebrities, and exploit the interest and concern in real-time issues like swine flu to their own nefarious ends. Malware included an email originating in Russia that invited the recipient to watch a video and claimed to be downloading a video codec. In the words of McAfee researcher David Marcus: "Malware writers, spammers and scammers are low lives. They will use any high media event or high impact news story to push their wares including the sickness and misery of others. Stay vigilant and stay safe. Should you need credible information on the influenza pandemic then go to the World Health Organisation website."
About 5% of spam worldwide now mentions “swine flu” to trick people into opening the e-mail messages, according to McAfee Avert Labs, potentially adding up to billions of messages daily. The swine spam is coming from all over the world from compromised computers networked in a criminal botnet, McAfee says, but about half of all the swine flu spam comes from Brazil, the United States and Germany. McAfee has also seen Web sites with the words “swine” and “flu” pushing malicious software, including one example of a Russian-based Web site telling visitors to install a “video codec” to view a video. Surprise, surprise, this isn’t a codec but instead a malicious program that infects the computer and opens it up to the use of hackers. McAfee's labs have also seen a rise in the registration of domain names mentioning "swine flu," suggesting hackers and virus writers intend to take advantage of the public's fear by creating phony sites with false information and viruses. If you receive e-mail messages about the swine flu, McAfee and other technology security companies, including Symantec, strongly suggest using common sense and avoiding opening such messages.