SAN FRANCISCO (AP) — The giant Conficker computer worm, once feared as an out-of-control Internet doomsday machine, seems to have settled — for now — on trying to make money in very predictable ways. Researchers from Cisco Systems Inc. say some of the up to 12 million personal computers infected by Conficker are being used to send about 10,000 to 20,000 spam e-mails a day per computer, far less than they actually are capable of. Lower volumes help evade detection. Earlier this month, some Conficker-infected machines started selling fake antivirus software, using annoying pop-up ads to warn of infections that only the criminals can clean up for a fee, but of course never do. Cisco's chief security researcher, Patrick Peterson, says researchers are convinced "this is the two-pronged method (the criminals) are going to use to make a fortune" off the infected machines.
The Conficker botnet is expected to be used to spread malware. Speaking to the Daily Mail, Vincent Weafer, vice president of Symantec Security Response, claimed that Conficker is slowly being activated as a method to quietly turn thousands of computers into servers of email spam and spyware hosts. Weafer said: “Expect this to be long-term, slowly changing. It's not going to be fast, aggressive.” He also claimed that it will download the Waledac virus to recruit the PCs into a second botnet that is used to distribute email spam. Paul Ferguson, senior researcher with Trend Micro, claimed that the authors of Conficker are likely to have installed a spam engine and another malicious software program on tens of thousands of computers since April 7. Jason Miller, Shavlik's security and data team manager, previously claimed that Conficker.E has a kill date of 3rd May and will cease to be functional from that date, although it is possible that it could be taken over by another botnet controller. Meanwhile, Shawn Henry, assistant director of the FBI's cyber division, claimed at the RSA conference in San Francisco that the rumoured Conficker attack may have led to public distraction over legitimate cyber threats.
A spam-less Twitter feed might just be too good to be true. Spam is becoming an increasing problem on Twitter and something has to be done to separate the wheat from the chaff. Spammers are using Twitter as a tool by replying to your @username, which then causes the Tweets to show up in your timeline. There isn't really a way to filter Twitter spam directly from a Twitter client. But there may be soon. Loic Le Meur has proposed to add a "report as spam" button to the Twitter desktop clients his company has created, Twhirl and Seesmic Desktop. This button would flag the spammer to Twitter (or to a separate database of users) and Seesmic or Twhirl could then exclude the spammer from its client apps after a sufficient number of users report them as spam. Le Meur also says that the clients would manually check the potential spammers to ensure that they are actually spammers. After the flagged users are established as spammers, Twitter could then delete or block the user accounts. Le Meur says that his Twitter clients will soon include a "report as spam" button and is calling on fellow popular Twitter clients, Tweetdeck and Tweetie, to follow suit. The one potential issue with the flag button, says Le Meur, is that Twitter prefers spam to be reported by a direct message to its spam account "@spam." But you need to have @spam follow you first (it seems to be autofollowing) before hitting the flag button on a Twitter client. It's an extra step the user would have to take to make the button usable, says Le Meur. Flagging is a good idea and a great first step to battling spam but what Twitter really needs is an Akismet-like plug-in. Akismet, created by WordPress developers, filters link spam from blog comments and trackback pings for blogs. When a new comment, trackback, or pingback comes to a blog site, it is submitted to Akismet, which runs hundreds of tests on the comment and returns a thumbs up or thumbs down on whether it is spam. Akismet says that its plug-in has caught 10.7 billion spam comments from blogs since its launch in 2005.
Criminals have built a massive "botnet" network of hacked computers that has infected an estimated 1.9 million computers worldwide, including systems within U.S. and U.K. government networks, security vendor Finjan reported Tuesday. A group of six criminals has run the operation since February, controlling the botnet from a server located in the Ukraine, Finjan said. Using a network of Web sites, they have installed their malware by tricking victims into viewing malicious Web code that then installs the malware. Nearly half of the computers hacked by the gang are located in the U.S., but they have also hit a sizeable number of machines in the U.K., Canada, Germany and France, Finjan said. Finjan researchers found "compromised computers in 77 government-owned domains ... from the U.S., U.K., and various other countries," the company said in a statement. Finjan has contacted institutions that were hacked by the gang and is working with law enforcement on the issue, the company said.
With researchers reporting the first Macintosh-specific malware to be found "in the wild" on the Internet, Mac users want to know what to do. My advice: Nothing. But, this is a good news/bad news story. The good news for Mac users is that you do not need to buy anti-virus software. The bad news is that one word must now be appended to that sentence, "Yet." For years, we've been in a period of what cancer doctors call, "watchful waiting." In this case, we know it's possible for the cancer of malware to infect our beloved Macs, but so far, all the cells we have found are pretty much benign. So it is with iBotNet, a Mac-specific Trojan Horse program that is acquired only by downloading a pirated copy of iWork, the Apple productivity suite. It does not spread from computer-to-computer on its own. Once infected, the Mac can be controlled remotely by the creator of the malware, but iBotNet is not especially threatening, in the way the recent Conficker worm continues to threaten the Internet. Experts say iBotNet infects only a few thousand computers at most and is not a danger to the average Mac user. It may not even be the first malware to target the Mac, though others did so along with infecting Windows machines.
Reports are pouring in now that Conficker, at last, has started doing its dirty work -- and that work is nothing which thousands of malware applications haven't done long before it: Sending out spam. The activation is being deemed a "quiet" one, as Conficker's creators seem to want to take advantage of the powerful botnet they've built without drawing too much attention to themselves. As a result, Conficker may shape up to be a relatively innocuous exploit compared to some of its massively destructive predecessors, and that's undoubtedly a good thing. Still, cleaning up Conficker will have to be done one way or another, and already numbers are starting to be tossed out in an attempt to measure how much that's going to cost. The Cyber Secure Institute's figure: $9.1 billion will eventually be spent to combat and remove the worm. Some 3.5 million are estimated to be infected worldwide (with just 4 percent of those machines installed in North America), though estimates of infection range from much lower to substantially higher. Meanwhile, security pros are girding for a long and slow fight against the malicious bit of code, as Conficker continues to evade detection by many users since it takes great efforts to hide its presence on a machine. Based on current analysis of the most recent version of Conficker, it is also set to stop spreading some of its malicious code on May 3, but it's likely that the door will be left open for additional attacks down the road. The bottom line: Malware like Conficker makes headlines every year or so, but the time to think about security is not just when word of a big attack is brewing. Keeping your PC safe from attack is something that requires daily diligence, so keep those Windows updates installing, and keep anti-malware definitions up-to-date, no matter what you hear about the latest version of Conficker... or any other malware application.
After several false alarms, it looks like the Conficker worm has finally begun turning an unknown number of computers into servers of e-mail spam, according to Reuters. Vincent Weafer, a vice president with Symantec Security Response, said Conficker is now installing a second virus named Waledac that sends out e-mail spam without the computer owner's knowledge. It also carries a third virus that warns users that their PCs are infected, only to offer a fake anti-virus program called Spyware Protect 2009 for $49.95, according to Russian-based security researcher Kaspersky Lab. If someone buys it, their credit card information is stolen and the virus wreaks more havoc on the computer. "Expect this to be long-term, slowly changing," Weafer told Reuters. "It's not going to be fast, aggressive." On Thursday security experts revealed that several hundred machines and critical medical equipment in a number of hospitals around the country were infected by Conficker. "It was not widespread, but it raises the awareness of what we would do if there were millions" of computers infected at hospitals or in critical infrastructure locations, Marcus Sachs, director of the SANS Internet Storm Center, told CNET News. After millions were warned to update their machines, the worm failed to make a big splash on April Fool's Day when it was scheduled to launch. But the worm is said to have infected between 3 million and 12 million computers. To check if your computer is infected, you can use the Conficker Eye Chart or this site at the University of Bonn. Microsoft also provides information on how to protect yourself from the Conficker worm.
Last week, “The Carbon Footprint of E-mail Spam Report” made the rounds on the Internet thanks in part to write-ups at various news Web sites. The study — conducted by the research firm I.C.F. International, and commissioned by the security company McAfee (which, as it happens, also sells one of the leading anti-virus and anti-spam software suites) — examined the environmental impact of junk e-mail. Among the findings:
• An estimated 62 trillion spam e-mail messages were sent worldwide in 2008.
• The annual energy used to transmit, process and filter spam worldwide totals 33 billion kilowatt-hours, equivalent to the electricity used in 2.4 million homes.
• A single spam message produces the equivalent greenhouse gas emissions associated with driving three feet.
The solution? Not surprisingly, Jeff Green, a senior vice president for product development at McAfee Avert Labs, said in a statement on the McAfee Web site, “Stopping spam at its source, as well as investing in state-of-the-art spam filtering technology, will save time and money, and will pay dividends to the planet by reducing carbon emissions as well.” It remains unclear whether global warming is a concern among spammers themselves.
It's not only hackers who sneak spyware onto unsuspecting people's computers. The FBI does it too, and has been for years. Heavily redacted documents obtained by Wired magazine under the Freedom of Information Act show that the FBI has been using software it calls CIPAV — Computer and Internet Protocol Address Verifier — for nearly a decade. Agents lure the target, usually someone who's concealing his Internet Protocol (IP) address to mask his identity, into clicking on a certain Web site, which infects his machine with the CIPAV software. CIPAV then "phones home" to tell the FBI the target's IP address, operating system and serial number, installed software, list of recently visited Web sites, registered name and a whole lot of other stuff that's whited out in the documents. It's been successfully used against suspected extortionists, sexual predators, bioterrorists and even one person thought to be impersonating an FBI agent. One network of hackers who targeted a bank resisted downloading CIPAV, indicating that some, but eventually not all, of its members were wise to the FBI's ways. In another case, a hacker who'd gotten into servers at NASA and government labs turned out to be a Swedish 16-year-old.
April 22, 2009 (Computerworld) Some bot-infected PCs can crank out as many as 25,000 spam messages per hour, new research released today claimed. Orange, Calif.-based Marshal8e6 deliberately infected machines in the lab of its research arm, TRACElabs, with the malware responsible for the world's nine biggest spam botnets, then observed the PCs' behavior, including each bot's top-end spam capacity. "One of our objectives over the past few years has been to emphasize the dominant role that a handful of key botnets play in the spam we see today," said Phil Hay, a senior threat analyst at TRACElabs, in an e-mail today. TRACElabs concluded that Rustock and Xarvester, the latter perhaps linked to the down-and-out Srizbi botnet, are the most efficient spam spewers of the nine bots. Each is capable of sending up to 25,000 messages per hour, or 600,000 per day, and 4.2 million per week. The next most effective spam bot, said TRACElabs, is Mega-D, one of the bots that took advantage of the November 2008 takedown of McColo Corp., a hosting company that harbored the command-and-control servers for several big botnets, including Srizbi and Rustock.