Help | Contact | Forum | Affiliates | Press
Purchase
Download
Features
Screenshots
Demo
In less than nine months in 2007 a botnet-driven spammer network earned $7.5 million for its operators. The team consisted primarily of New Zealand brothers Shane and Lance Atkinson, who are now in federal court after being sued by the Federal Trade Commission (FTC) for deceptive and fraudulent practices. At a presentation Wednesday at the SC World Congress in New York, called “Web security and malware: Threats, causes and solutions,” Patrick Peterson, vice president of technology at Cisco's IronPort Systems, and Steve Wernikoff, staff attorney with the FTC in Chicago, outlined a study on how botnet affiliates work. Typically, an operation works like this: A marketer builds up a group of affiliates that run spam botnets, the panelists said. The incentive is money – say 40 percent of all orders placed by spam victims. Often, the marketers grow their affiliate team by placing an ad on a site frequented by potential affiliates that are looking for products with which to scam potential victims. Some of the ads placed by the marketers essentially state that “You send the spam, we'll take care of everything else – billing, fulfillment, credit card charges, back-end communications, etc.” Wernikoff said the attraction of the business includes the near-zero cost of entering and maintaining the business.
SAN JOSE, CALIF. - Going online instead of going to the mall can be a convenient and cheaper way to get the holiday shopping done. But it can have a downside. Cybercriminals tend to come out in force around peak shopping times. Unless they guard against the threat, online shoppers run the risk of having their credit card and bank account numbers stolen without even knowing what's happened. "The peak shopping period is an ideal time for criminals to target [consumers] for ... attacks," said Symantec's Vincent Weafer, a vice president in the security company's research group. Some security experts say the time to be on guard is now. In the month before Thanksgiving week last year, security company PC Tools observed a steady rise in the amount of malware intercepted by computers running its security software
Forget nuclear, chemical and biological weapons, the new weapon of mass destruction is computer malware and botnets, according to authors of a new report from the conservative Hoover Institution, who claim credit for coining the term "electronic Weapons of Mass Destruction" or eWMD. Since, as the New York Times told us last week, malware is seriously on the rise and "spreading faster than ever," this would make the proliferation of eWMD more horrific than any other WMD to date. Which would seem to imply that eWMD stockpilers, such as the New Zealand "bot boy" (aka Owen Thor Walker), are the cyber equivalent of Saddam Hussein. "While one hopes ewmds will never be able to cause the loss of life that other weapons of mass destruction (nuclear, chemical, biological) can cause," the Hoover Institution authors write, "they should still be recognized as having the potential to destroy livelihoods or even entire economies. . . ."
I have no idea what this means: ".................!! ..: ........h.., ...'.........h.. t........h..h.... "..., ...@...*....3544174036 ....". But vast numbers of such messages have been invading my inbox in the past year. Initially, I wondered whether they were some sort of Morse-like cybercode. Perhaps a secret communication for the cyber elite. Of course they were simply more cyberjunk - spam - travelling vast distances for no other purpose than to be trashed. But their numbers have got me worried. This is my seventh year of spam surveys - my annual trawl through internet sewers in search of meaning about the human condition, its motivations and frailties. And, if possible, to determine the spam trend of the year. This year 28 per cent of my sample was of the ellipsis-comma-exclamation mark-random number variety. Add the 5 per cent that were in an impenetrable hieroglyphic font, plus a further 12 per cent written in a foreign language, mostly Chinese or German, and I had 45 per cent of spams without meaning or possible purpose other than deletion.
One of the most frustrating things about the Internet has been the rise of spam. These unwanted e-mails choke our networks, steal precious storage space and in recent years have become the delivery vehicle for any number of malicious types of payloads intended to cause all kinds of harm. The fight against spam has seen its ups and downs over the years. Every now and again it feels like we're making progress, which usually occurs after somebody installs a new spam appliance that sports some sort of new enhanced algorithm for filtering out spam. But sooner or later, spammers adjust their methods to compensate for the new approaches to fighting spam and our e-mail systems once again start to fill up with junk. The core problem seems to be that we're dependent on developing signatures to track various approaches to spam the same way that we track signatures of viruses. But there are lot more approaches to spam than there are viruses, so by some estimates we might need to track as many as 2.5 million spam signatures within the next year. Most anti-spam solutions can never be 100 percent effective given that challenge and, over time, the weight of keeping track of all those signatures will overwhelm the amount of processing power that can be brought to bear on the problem at a reasonable cost. Much of this thinking is behind most of the efforts to shift the processing weight of security to the cloud. But even there all we've done is moved the burden rather than solve the problem.
Law enforcement agencies worldwide are losing the battle against cyber crime at a time when criminals are increasingly using the global economic downturn to make headway in recruiting more computers and computer users to further illegal online activities, a scathing new report from security vendor McAfee concludes. McAfee's annual "Virtual Criminology Report" (PDF) notes that the number of compromised PCs used for blasting out spam and facilitating a host of online scams has quadrupled in the last quarter of 2008 alone, creating armies of spam "zombies" capable of flooding the Internet with more than 100 billion spam messages daily. In an increasing number of cases, those missives are playing on public fears over the battered economy, pitching recipients on too-good-to-be-true job offers aimed to enlist them in cybercrime operations, McAfee said. "Cybercriminals are cashing in on the fact that the economic downturn is causing people worldwide to increasingly turn to the Web to seek the best deals and jobs, and to manage their finances," the report charges. "They are preying on fear and uncertainty and taking advantage of the fact that consumers are often more easily duped and distracted during times of difficulties. In fact, opportunities to attack are on the rise."
December 8, 2008 (Computerworld) Computer users are their own worst enemies, a security company warned today, as it released data that shows software bugs were the source of just 5% of the past year's infections. The majority of the attacks carried out by 2008's top 100 pieces of malware were caused by users surfing to malicious sites and then accepting some kind of download, Trend Micro Inc. researchers said today. From Jan. 1 to Nov. 25, the top 100 attack programs infected 53% of their victims by duping them into downloading something from the Internet. An additional 12% of the infections tracked globally were caused by users opening e-mail attachments. Just 5% of the infections were related to an exploit of a software vulnerability, according to Trend Micro's analysis.
A Florida company that sells a spyware program must change advertising pitches that emphasize the product's clandestine nature, but the company can continue to sell the application, a U.S. federal court has ruled. CyberSpy Software had been unable to sell its RemoteSpy application since Nov. 6, when a court granted a request for an injunction after a complaint by the U.S. Federal Trade Commission (FTC). The FTC alleges CyberSpy marketed RemoteSpy by giving detailed instructions on how to install the program on computers and surreptitiously collect data. A trial is scheduled for June 15 in U.S. District Court for the Middle District of Florida in Orlando. The new injunction bars CyberSpy from suggesting the program can be secretly installed or that keyloggers can be passed on as innocuous programs.
Four weeks after McColo takedown, spam back to 63% of earlier volume December 9, 2008 (Computerworld) Four weeks after spam levels plummeted when a rogue hosting company was yanked off the Internet, junk mail volumes are again up, a researcher said today. According to IronPort Systems Inc., spam volumes have partially recovered since the Nov. 11 takedown of McColo Corp., the California hosting firm that was pulled off the Web by its upstream service providers after security researchers presented them with overwhelming evidence that it was harboring a wide range of criminal activity. Among McColo's clients: cybercriminal groups that ran some of the biggest spam-spewing and malware-spreading botnets in the world. Yesterday, approximately 94.6 billion spam messages were sent worldwide, said IronPort, which estimated today's volume at 96.8 billion. Those numbers were 62% and 63%, respectively, of the 153 billion spam messages sent four weeks ago, the day McColo went offline. Immediately after the takedown, spam levels dropped to 64.1 billion, just 42% of the pre-McColo volume. Spam's resurgence comes courtesy of several botnets -- some well-known, some not -- that were largely unaffected by McColo's disappearance, said Joe Stewart, director of malware research at SecureWorks Inc.
Security experts are warning Internet users to be aware of a disturbing evolution in malicious software that can turn a single infected computer into a vehicle for stealing data from any nearby systems, regardless of what operating system or security software those computers may be running. The evolution comes compliments of the DNSChanger family of malware, which usually comes disguised as a codec or browser plug-in that a user is told he or she needs to install in order to view Web-based videos. As its name suggests, the malware alters the domain name system (DNS) server settings on infected systems, effectively routing the victim's Web searches and other online activities through servers that the attackers control. DNSChanger can install on a Mac or Windows computer. The added feature in the latest version of DNSChanger is that it installs its own DHCP server on the victim's machine. DHCP stands for "dynamic host control protocol," and it is what wired and wireless routers use to hand out addresses to computers on a network. In fact, most laptops are configured to automatically request an Internet address from any local wireless network that happens to be handing them out. Why is this a big deal? By adding its own DHCP server to a host machine, DNSChanger can now offer nearby wireless-equipped devices an Internet address, complete with its own set of rogue DNS servers.
