Help | Contact | Forum | Affiliates | Press
Purchase
Download
Features
Screenshots
Demo
December 24, 2008 (Computerworld) New malware is spreading via Christmas and holiday greetings, security researchers said today, a tactic reminiscent of those used last season by the notorious Storm Trojan horse. Researchers at the Bach Khoa Internetwork Security Center in Hanoi, Vietnam, reported today that a new piece of malware, dubbed "XmasStorm" by the center, is spreading through holiday-themed spam. Touting subject lines such as "Merry Xmas!" and "Merry Christmas card for you!" the spam includes links to sites that purportedly host electronic greeting cards waiting for the recipients. In fact, the sites are serving up malware that hijacks the visiting PC, then installs a bot that waits for commands from the hacker controllers. Nguyen Minh Duc, manager of Bach Khoa's application security group, said that XmasStorm originated in China. Hackers have registered at least 75 domain names relating to the malware campaign's holiday theme in the last month, including "superchristmasday.com" and "funnychristmasguide.com." According to WHOIS searches, those domains were registered to a Chinese address on Dec. 1 and Dec. 19, respectively.
In April, many scammers began to see problems with their phishing scams. Security researchers had spent time studying botnet networks and had become very good at blocking fraudulent emails. These scammers, also called phishers, known for the way they trick victims into giving up user names and passwords, have homed in on a new way to make money. Phishers have begun using browser plug-ins or other types of software. Instead of tricking victims to visit websites, they have started sending emails that come with malicious software. The software poses as a security update from a bank, and installs code that can steal banking credentials. According to Mickey Boodaei, CEO of Trusteer, a company that makes desktop security software used by banks, malicious software installs are on the rise among scammers. "We're seeing a clear shift from phishing attacks," said Boodaei.
If you suspect or know your PC is infected with a virus, it's probably wise to avoid purchasing anything using that computer until you're sure the machine is clean. That includes additional anti-virus or security products. Chances are the malicious software on your machine includes built-in ability to steal user names, passwords and other sensitive data from infected hosts. Recently, I've heard from several people who used their credit or debit cards at the first sign of infection, to renew or upgrade their anti-virus protection when their existing software didn't work or failed to update. Also, in a Live Web chat a few weeks ago, one reader described how he "stupidly" went online and bought an anti-virus product after realizing he'd infected his machine with a DNS hijacker Trojan. Consumers can be forgiven for such goofs: After all, they paid for security software, they expect (rightly or wrongly) to be protected, and yet still got hit with malware.
Emailers around the world celebrated a 65-percent reduction in spam in their mailbox last month, but now, according to Symantec, the spam is back. According to Symantec's monthly Start of Spam report, it's already regained most of its previous strength. On November 11, several network providers shut down McColo.com's Internet access, cutting off spammers' ability to control much of the Rustock and Srizbi botnets. The Symantec probe network saw a 65-percent drop in spam within 24 hours. But Symantec Manager of Business Intelligence Dylan Morss, recently writing in a company blog, reports that it didn't last. "At this point, spam volumes have slowly crept back up to 80 percent of their pre-McColo shutdown levels," he reports. The cause? "Old botnets are being brought back online and potential new botnets are being created." Spam is now coming from all over the world, with the bulk originating in Brazil (22 percent), Russia (14 percent), the United States and Turkey (12 percent each), and China and India (11 percent each).
As long as cyber crime groups pursuing profiteering through the Internet are improving their skills so as to steal data from businesses, employees and consumers their online attacks are getting more sophisticated and harder to oppose, as noted in the 2008 edition of the Cisco® Annual Security Report released this week. In its annual edition Cisco points out to the top security threats of the year providing recommendations on how to protect networks against attacks. This year the overall number of disclosed vulnerabilities grew 11.5% above 2007. Cisco notes that vulnerabilities in virtualization technology nearly tripled from 35 to 103 on a year-over-year basis. Attacks are becoming increasingly blended, cross-vector and targeted. Threats coming from legitimate domains rose 90% which is nearly double of what was observed a year ago. Meantime, malware infiltrated via e-mail attachments is decreasing in number. Within the period of the last two years the number of attachment-based attacks dropped 50% as compared with the previous two years of 2005 and 2006. Cisco warned against some specific threats that flooded the web space reporting that the number of spam messages sent daily makes up for 200 billion constituting thus 90% of the worldwide e-mail. While targeted spear-phishing represents about 1 percent of all phishing attacks, it is expected to become more prevalent as criminals personalize spam and make messages appear more credible. The growing danger is also being posed by botnets which are heavily deployed today by cyber criminals. Multiple legitimate web sites were infected this year with IFrames, malicious code injected by botnets that redirect visitors to malware-downloading sites. The use of social engineering to entice victims to open a file or click links continues to grow. More online criminals are using real e-mail accounts with large, legitimate Web mail providers to send spam.
Once again, the bad guys went after the curious, gullible and careless with lots of Web malware. Particularly malevolent were the attacks that relied on readers' enthusiasm for all things Barack Obama, and their distress over the credit crisis. Below is a list of the most notable malware attacks in 2008, at least so far. The ‘Naughty Nine’ and their descriptions are courtesy of MessageLabs, a security company that is now part of Symantec. Storm worm -- Storm was among the most aggressively spread malware of 2008. It enabled the formation of one of the largest botnets in history, estimated at 2 million compromised computers around the world at its peak. Search Engine spam -- In early 2008, spammers begin abusing search engine redirects, a technique allowing them to include a link from a search engine query within an email message. The link resolves to the spammers forged web site meaning that spammers could send messages without directly mentioning the spam web site thereby bypassing traditional anti-spam detection mechanisms which typically will not flag legitimate search engine sites as malicious links. CAPTCHA Breaks -- Hackers first broke webmail CAPTCHAs (Completely Automated Public Turing Test to tell Computers and Humans Apart) in February 2008. Once in, they were able to abuse free email services to send copious amounts of spam. As 2008 wore on, CAPTCHA breaking techniques continued to increase in sophistication and became the key to the spamming kingdom. Targeted Trojans -- Although they have been around for several years, new versions of Targeted Trojans are continuously evading Anti-virus systems due to their variation in code. The most memorable Targeted Trojans of 2008 spoofed a U.S. consumer advocacy site and the Olympic organizers. Since the beginning of 2008, targeted Trojan attacks have increased to approximately 80 per day. Web-based malware -- In April, cybercriminals used Web-based malware to take advantage of the opportunity to capitalize on computer users’ unfamiliarity with web-borne attacks. In July 2008, the number of new, malicious web sites blocked each day rose by 91 percent, taking the threat to its highest level. This surge was due to due to the number of websites linked to SQL injection attacks, where malicious JavaScript is downloaded to a visitor via the use of [removed] HTML tags. Hosted Applications Spam -- In May 2008, spammers uncovered the perfect way to spam using links to hosted online documents created under accounts with a major hosted applications service provider, which are not blocked by traditional spam filters. Srizbi -- Estimated at more than 1.3 million infected computers, Srizbi was responsible for 50 percent of all spam in 2008. It was the botnet behind “Reactor Mailer” spamware and also the botnet that spurred phishing scams spoofing some banks, marking a shift toward targeting smaller state banks and credit unions. Obama spam -- 2008 being an election year, political spam was rampant. Two bouts of spam used President Elect Barack Obama to lure recipients’ attention. The first spam cluster purported to sell watches or pills but spoofed email addressed from the following domains: barackobamaismyhomeboy.com and barackobamaisyournewbicycle.com, a popular website that intended to honor the presidential candidate’s altruism. The second run of Obama-related spam foreshadowed the outcome of the election using Obama subject lines 85 percent of the time and subject lines with McCain references 15 percent of the time. Credit crisis phishing scams -- As the credit crisis worsened, MessageLabs saw an increase in phishing attacks largely spoofing banks, in September and October. Between August and September, phishing attacks rose by 16 percent and by 103 percent between September and October. The subjects of the attacks were national banks and global banks, smaller state banks and credit unions and online retail sites. As change prevailed through the latter part of 2008, scammers took advantage of the frenzy surrounding the mergers and bailouts.
A New Zealand man living in Australia has agreed to pay fines totalling $92,715 after admitting his role in an international spam email operation said to be responsible for sending out billions of unsolicited emails in recent years. Lance Atkinson, 26, of Pelican Waters in Queensland, is also facing charges in the US where a court has frozen his assets at the request of the US Federal Trade Commission (FTC), which also succeeded in having the spam network shut down. New Zealand's Internal Affairs' Anti-Spam Compliance Unit found Lance Atkinson's operation responsible for more than 2 million unsolicited electronic messages that were sent to New Zealand computers between 5 September 2007 and 31 December 2007. These emails marketed Herbal King, Elite Herbal and Express Herbal branded pharmaceutical products, manufactured and shipped by Tulip Lab of India.
American websites host more malware and computers relay more spam than any other country, the latest security report showed. As evidence of this, when an American Internet company, accused of collaborating with spammers and hackers, was disconnected from the net in November, the level of spam staggered down 75 percent. The 'Security Threat Report 2009' was just published by Sophos, the U.K.-based IT security and control firm, which examined the threat landscape over the last twelve months, and predicted the emerging cybercrime trends for 2009. Too many compromised computers "Not only is the U.S. relaying the most spam because too many of its computers have been compromised and are under the control of hackers, but it's also carrying the most malicious Web pages," said Graham Cluley, senior technology consultant for Sophos. "We would like to see the States making less of an impact on the charts in the coming year. American computers, whether knowingly or not, are making a disturbingly large contribution to the problems of viruses and spam affecting all of us today."
STEVEN CARROLL BUSINESSES FOUND to be sending unsolicited e-mails and text messages could face fines of up to €250,000 under new legislation signed by Minister for Communications Eamon Ryan. The regulations, which come into effect immediately, relate to all unsolicited mail sent by e-mail, text message or fax. Unsolicited mail for direct marketing purposes will be treated as an indictable offence under the legislation. The new laws will allow the Data Protection Commissioner to refer serious breaches of the legislation for prosecution through the Circuit Court, where fines of up to €250,000, or 10 per cent of the offending company's turnover, may be imposed. The number of complaints made to the Data Protection Commissioner in relation to spamming increased from 66 in 2005 to 538 last year. Offenders were previously prosecuted in the District Court where the maximum fine was €3,000. This figure has now been increased to €5,000. Mr Ryan said spam was a serious threat to the internet, posing security risks and that such communications were a serious invasion of privacy. "Unwanted communication, either by e-mail or to a mobile phone is more than a nuisance - it wastes money and energy," he said. "Millions every year are lost to Irish companies through lost productivity as spam clogs inboxes and crashes servers," he said.
A new report has placed the U.S. at the top of the list for most websites hosting malware and the most computers relaying spam emails throughout the world. The spot was previously held by China last year, but due to a multitude of innovative attacks by cybercriminals this year, the U.S. how holds approximately 37 percent of the malware on the web, NetworkWorld.com reports. China hosts 27.7 percent. In terms of malware threats, SQL injection attacks against websites and the emergence of scareware were the biggest ones. The U.S. also distributed the most spam emails than any other country with 17.5 percent. This may come as a surprise to some, given the McColo takedown last month, which assisted dropping the amount of spam by approximately 65 percent, according to the website. As the year draws to an end, spam levels are almost at pre-takedown levels, rendering the McColo shutdown essentially inconsequential.
