Help | Contact | Forum | Affiliates | Press
Purchase
Download
Features
Screenshots
Demo
Cisco (NASDAQ: CSCO) today released a security report that warns that Internet-based attacks are becoming increasingly sophisticated and specialized as profit-driven criminals continue to hone their approach to stealing data from businesses, employees and consumers. In the 2008 edition of the Cisco® Annual Security Report, the company identifies the year's top security threats and offers recommendations for protecting networks against attacks that are propagating more rapidly, becoming increasingly difficult to detect, and exploiting technological and human vulnerabilities. "Every year we see threats evolve as criminals discover new ways to exploit people, networks and the Internet. This year's trends underscore how important it is to look at all basic elements of security policies and technologies," said Patrick Peterson, Cisco fellow and chief security researcher. "Organizations can lower their risk of data loss by fine-tuning access controls and patching known vulnerabilities to eliminate the ability for criminals to exploit holes in infrastructures. It is important to upgrade applications, endpoint systems and networking equipment to help ensure that corporate systems run smoothly and minimize risk." Peterson describes some key threat trends that gained prominence in 2008 in three video blogs posted today: 1.) Overview of the Report: (http://www.youtube.com/watch?v=lGy1myxIDu0) 2.) Botnets (http://www.youtube.com/watch?v=tvfdj6OD4bk) 3.) Reputation Hijacking (http://www.youtube.com/watch?v=GZ_1oRSZhL8)
One of the most disturbing cybercrime trends in 2008, many security analysts say, has been the emergence of a full-blown underground economy where credit card information, identity theft information, and spam and phishing software are all available for relatively low prices. View our slide show of 2008's biggest tech crime stories Security software company Symantec became the latest company to raise red flags about what it called the "underground server" economy last month, when it issued a report estimating that roughly $276 million worth of goods and information is available on online black markets. Credit card data accounted for 59% of the information available for sale on underground servers, Symantec reported, with identity theft information (16%), server accounts (10%), financial accounts (8%) and spam and phishing programs (6%) trailing far behind. What's even more unnerving than the availability of this information is its low price. According to Symantec, bank account credentials are selling for $10 to $1,000, while information about financial Web sites' vulnerabilities sell for an average $740. If all the stolen information available on the servers were exploited successfully, it would bring in about $5 billion, Symantec estimates. One big reason this data is more widely available is that writing malicious code has grown from a hobby for many hackers into a full-time job where code writers make a living stealing information and selling it over underground server systems, says Dave Marcus, security research and communications manager at McAfee Avert Labs.
The malware assault on our PCs escalated in 2008, according to antivirus vendor F-Secure. The company's threat summary for the second half of 2008 reports that F-Secure added 1 million virus definitions to its database this year, a threefold increase from the number of viruses the Finnish security vendor detected in 2007. Today's malware authors aren't just looking to cause trouble; they're after your money and personal information, which these days are synonymous. Attacks are only going to increase in number and sophistication. If you thought you could avoid an infection by staying away from questionable sites, downloads, and e-mail links, you're mistaken. The only way to play it safe is to assume the worst. That's why I spent several hours last week disinfecting a notebook computer that probably wasn't infected in the first place. It all started when I decided to run a free online virus scan on my notebook. I use a top-rated security suite that's set to update its virus definitions and other settings automatically, so I was confident the scan would come up empty. (I'm not going to name either product because I don't want this post to be construed as a recommendation one way or the other.) Unfortunately, after a complete system check, the online virus service told me it found two suspicious files on my notebook. The scanner's option to remove the files was grayed out, and the option to "skip" them was recommended.
December 15, 2008 (Computerworld) Spam volumes are creeping up again after plummeting four weeks ago when a rogue hosting company was yanked off of the Internet. IronPort Systems Inc., a maker of e-mail security tools, said that spam volumes last Tuesday reached 96.8 billion messages, over 30 billion more than were sent in the days following the Nov. 11 takedown of McColo Corp. by its primary Internet service providers. An average of 190 billion spam messages were sent daily in the month prior to the shutdown of McColo for allegedly harboring cybercriminals running some of the biggest spam-spewing botnets. Joe Stewart, director of malware research at SecureWorks Inc., said botnets that were mostly unaffected by McColo's disappearance are responsible for the resurgence.
With holiday shopping in full swing, everyone is out looking for a steal. And that includes criminals. Internet users will get the usual barrage of offers that are too good to be true. Some will be deals, but others will be duds in the form of cyber criminals. These bad guys will multiply their efforts this year to get shoppers to give out personal information, according to experts at Trend Micro, an Internet security firm. The struggling economy is giving crooks more incentive for ripping people off and stealing their identity online. Just how prevalent is online crime? Try $3 billion taken by scammers last year, Trend Micro reports. This time of year, shoppers are more aggressive to sign up for a bargain — and the crooks know this, experts say.
A virus that's attacking Facebook users is also infecting other social networking sites, says ScanSafe. Koobface tricks social networkers into downloading malicious malware onto their PC. Users receive messages that look as if they're videos. Often they say something like "you look funny." When the user clicks to see the video, he is taken to a new website and asked to download special software in order to see the video. That software is malicious and once installed on a PC, the Trojan will direct users to hoax search engines and other websites, putting them at risk of ID theft. According to ScanSafe, Koobface has been identified on Bebo and could even spread to other social networking sites including - MySpace and Friendster. ScanSafe also claims that the virus accounts for one percent of all its blocked malware.
Erik Larkin, PC World PC World Saturday, December 13, 2008; 12:19 AM "Barak Obama Is on the Verge of Death!" This header on a piece of pre-election spam had credibility problems (spelling the candidate's first name correctly might have helped), but it got people's attention. It was one of a slew of junk-mail blasts that used campaign-related topics to trick unwary readers into opening the message. This particular missive carried an image that, when clicked, jumped credulous recipients to an online pharmacy site. Hacker's Smoke Other pre-election spam promised nude pictures of a candidate's wife, blamed the death of a (perfectly healthy) public figure on President Bush, or warned that "The State is in peril." Each example (captured by antispam company Cloudmark) shows spammers trying to make their mass-mailings more enticing by fronting them with fake headlines about prominent people in the news. But who falls for this garbage? The good news is that few people do. An infiltration of spam networks by researchers offers a rare glimpse into spam "conversion rates"--the percentage of people who respond to each displayed online ad, piece of direct mail, or spam sent. According to the study, "Spamalytics: An Empirical Analysis of Spam Marketing Conversion," only 1 in 12.5 million pieces of spam ended up snaring someone foolish enough to buy from a fake online pharmacy. But even that minuscule response rate is enough to reward spammers with a tidy profit. A host of quiet cookie trackers and other tools help marketers gauge the conversion rate for banner ads and the like, but such numbers for spam are normally very difficult to obtain. To overcome this problem, computer science researchers at University of California campuses in Berkeley and San Diego effectively hijacked a portion of the Storm botnet, which uses a huge network of malware-infected PCs to send spam and conduct other dirty business.
Websense predicts 2009 will see hackers using cloud technology to send spam and malware The cloud will increasingly be used for malicious purposes in 2009, as malware writers look for more efficient ways to send spam and launch attacks, according to content security vendor Websense. The firm's Security Labs argued in its predictions for 2009 that the cloud offers malware writers the same benefits as businesses in being easy-to-use, rent-as-you-go and highly scalable. n this way, it could be used by hackers for sending spam or to launch more sophisticated attacks including hosting malicious code for downloads and testing malicious code, said Websense. The firm also predicted a rise in the use of rich internet applications (RIAs) for malicious purposes as hackers exploit vulnerabilities in apps such as Google Docs. "Malicious attackers are always looking for new ways to penetrate systems defences and they will inevitably see RIAs as a potential attack surface," argued Websense chief technology officer Dan Hubbard.
RICHMOND, Va. (AP) — Virginia's attorney general asked the nation's highest court Thursday to revive a state anti-spam law struck down by a lower court as unconstitutionally overbroad. Virginia's Supreme Court ruled in September that the law violates the free-speech protections of the First Amemdent because it prohibits anonymously sending any type of unsolicited bulk e-mail, including political and religious messages. Most states have anti-spam laws, and there is a federal statute, but Virginia's is the only one that is not limited to commercial e-mails. In asking for a reversal of the ruling, Attorney General Bob McDonnell McDonnell said that the state court erred in its conclusion that some "imaginary spammer" could be unfairly prosecuted for sending political or religious e-mails. The justices "invalidated a statute on its face based on a hypothetical application that occurs very infrequently, if it occurs at all," he wrote in his petition to the U.S. Supreme Court. McDonnell said he expects a decison on the petition early next year.
So, if you don’t believe that the BANK OF THE NORTH INTERNATIONAL,ABUJA or a relative of Ex-Nigerian Head of State Late Gen. Sanni Abacha who died on the 8th of June 1998 has $12 million in ill-gotten gains just waiting to share with you, perhaps you will believe the FBI does. The latest version of Nigerian spam purports to be an “official order” from the FBI’s Anti-Terrorist and Monetary Crimes Division confirming an inheritance or lottery winnings, reports the Internet Crime Complaint Center, a DOJ entity. Turn over some personally identifying information to claim your share, or perhaps face criminal sanctions for failure to do so, the scam goes. Another spam purportedly from the IC3 says the recipient has extorted money and must turn it over right away. Don’t do it: The FBI does not send unsolicited e-mails of this nature. FBI Executives are briefed on numerous investigations but do not personally contact consumers regarding such matters. In addition, the IC3 does not send threatening letters to consumers demanding payments for Internet crimes.
