All of those junk e-mails that clutter up your inbox aren't just a massive annoyance but a colossal waste of energy. According to a report released this week by computer security company McAfee, spammers last year generated a whopping 62 trillion junk e-mails. What does that mean in terms of energy? Instead of sending messages asking for money or marketing Viagra, the electricity used sending the e-mails could have powered 2.4 million homes for a year or driven a car around the planet 1.6 times, according to the report. That waste of energy is also polluting the environment. Anything powered by electricity also emits greenhouse gases. McAfee researchers say each junk e-mail emits 0.3 grams of the greenhouse gas carbon dioxide (CO2). That may not sound like much, but when you consider the volume of global annual spam, it all adds up.
“All clear” is the word coming out of Twitter as it completes the mop-up work from an Easter weekend worm outbreak that infected tens of thousands of user profiles. According to published reports, Twitter was attacked at least four times in the past week with a worm designed to infect profiles with an application that tricked users into clicking on a link to a rival social network. Once the target machines were infected, the worm would replicate and begin using the infected profile’s list to broadcast to other users. Michael Mooney, a 17-year-old student in Brooklyn, told the Associated Press that he created the worm to promote his site, StalkDaily. He reportedly said that he didn’t think the worm would cause any damage or raise any issues. Twitter and security experts say the worm was contained to the Twitter network, but the damage could have been much worse. Security researchers and vendors have issued a steady stream of reports recently warning of the rising threat of malware and phishing attacks in social networks such as Twitter and Facebook. In a report issued by security vendor CommTouch this week, the threat of malicious links embedded in Twitter user updates and microblogs is amplified by TinyURL, a service that condenses and obscures original URLs. Twitter users often condense URLs to keep their updates within the 140-character limit.
If you worry that the Internet is a scary place full of digital pickpockets and online identity thieves, your fears will be bolstered by the latest Symantec Internet Security Threat Report released Tuesday. The report finds huge increases in the number of security holes in software and the number of Internet threats, particularly attacks in which browsers are hijacked and forced to download malicious programs as people surf the Web. Even visiting trusted Web sites isn't always safe. Most Web-based attacks target visitors to legitimate Web sites that have been compromised and that either serve up malicious content to the visitor or embed a malicious and invisible iframe on the page that surreptitiously redirects the user's browser to another Web server under an attacker's control, according to the report. Attacks are traded in underground channels, with people buying and selling software that automates attacks or even entire botnets of infected computers that serve as spam armies, the report says. Stolen data is then marketed and offered up with price lists and guarantees. Oddly, the price of stolen data remained the same in 2008 despite the fact that the economy took a nose dive, said Zulfikar Ramzan, a technical director at Symantec Security Response. The top Web-based attack in 2008 exploited the Microsoft IE ADODB.Stream Object File Installation Weakness vulnerability, while the top attacked vulnerability was the Microsoft Windows Server Service RPC Handling Remote Code Execution Vulnerability, according to the report.
According to a report being released on Wednesday by security company McAfee Inc., 62 trillion junk e-mails in 2008 wasted enough electricity to power 2.4 million U.S. homes for a year, reports the Associated Press. The "Carbon Footprint of E-mail Spam Report" estimates that the electricity needed to process a single spam message results in 0.3 grams of carbon dioxide being released into the atmosphere - the equivalent of driving 3 feet in a car. The researchers calculated the computational power needed to process spam - from criminals tapping their armies of infected PCs to send it, Internet providers transmitting it, and end users viewing and deleting it. McAfee based its conclusions on the data provided by energy and environmental consultancy ICF International Inc. "While the spam that arrives in any individual's inbox may create just a small puff of (carbon dioxide), the puff multiplied by millions of users worldwide adds up," McAfee wrote. As the report says, 80% of spam's greenhouse emissions are related to the energy consumed by PCs when users are viewing, deleting, or sifting through spam looking for legitimate messages. In spite of the existence of special technology to filter spam, many internet users who do not have such applications spend a significant amount of time (100 billion user-hours per year) addressing the spam coming to their inboxes. It should also be noted that spam accounts for 97% of all email. Interestingly, spammers try to limit the size of their attachments in order to evade detection, while legitimate email, on the contrary, may weigh several times more than junk messages. McAfee's report revealed that a single piece of legitimate e-mail accounts for around 4 grams of carbon dioxide - 13 times spam's emissions - because users linger on them longer and attach bigger files.
Email users may already hate spam, but perhaps they’ll be gratified to know that it’s also bad for the environment. Calculating one’s carbon footprint may be all the rage, but in the case of spam, it’s serious, according to a study released Wednesday by computer security company McAfee Avert Labs. The report found that an estimated 62 trillion spam messages are sent each year. Each email is associated with 0.3 grams of carbon dioxide released as greenhouse gas, the equivalent of driving three feet — but given the total volume of spam each year, it’s like driving around the earth 1.6 million times. The study, which was conducted by consulting firm ICF International, concluded that spam-related emissions for all email users world-wide create a total of 17 million metric tons of carbon dioxide per year, 0.2% of total greenhouse gas emissions. Legitimate emails release four grams of CO2 compared with spam’s 0.3 grams, but since spam accounts for one-third of all business and personal messages, it adds up, says Dave Marcus, director of security research and communications for McAfee Avert Labs. “At this point in time, everyone has an email address,” he says. “I think it should resonate with a lot of people. The more we can keep [spam] away from users, the better the planet ends up.” The process of creating and dealing with spam involves a number of different energy-using steps, the report explains, from harvesting addresses to managing spam messages in one’s inbox. But almost 80% of the greenhouse gases created by spam actually come from the process of deleting it, or from searching around for legitimate emails trapped in spam filters. So what can consumers do? Mr. Marcus says they should be careful about how they search the Internet and where they leave their email addresses, which will prevent them from being picked up by malware and will result in less spam in their inboxes from the start.
But they should also use spam-filtering technology and make sure their email providers have installed the proper filters. The report found that spam filtering saves 135 terawatt hours of electricity a year, the equivalent of taking 13 million cars off the road.
WASHINGTON, April 14 (Reuters) - The number of computer viruses is growing extraordinarily fast and shifting from phishing e-mails to being hidden in seemingly safe websites such as a local bed and breakfast, says Internet security company Symantec Corp (SYMC.O) in a new report on Tuesday. There has been a huge increase in the number of viruses and worms, also called "malicious code," on the Web with 624,267 identified in 2007 compared with 1.6 million last year, according to Symantec. "Sixty percent of all the (malicious code) threats in the past 20 years came in the last 12 months alone," said Vincent Weafer, Symantec's vice president of security content and intelligence, in an interview with Reuters. Attackers are shifting away from using a spam e-mail technique called phishing to get personal information from users to corrupting legitimate websites, for example a local business, and using it to steal, the report said. The attackers tend to shy away from big corporate websites run by companies who would quickly repair the site in favor of smaller sites not run by professionals, such as a bed and breakfast. Symantec's report cited other examples -- U.N. and British government sites -- of infected Internet sites. "The bad guys are going out to legitimate websites and compromising them," said Weafer. The goal of the viruses is to steal, with the spread of broadband overseas making it easier for lawless areas to inadvertently play host to hackers.
SAN FRANCISCO (Dow Jones)--The growing popularity of do-it-yourself Web-page creation by non-technical users is helping fuel a big uptick in viruses and phishing attacks, according to an expert at antivirus software maker Symantec Corp. (SYMC). During 2008, the number of "malicious code threats" identified by Cupertino, Calif.-based Symantec rose almost threefold to 1.66 million compared with 2007, according to the Symantec Internet Security Report for 2008. Alfred Huger, a vice president at the software company, thinks the rise is driven largely by more and more non-professionals creating Web pages, blogs and other Internet destinations. "More people are putting up Web sites without a strong background in programming," Huger said. "The main goal of attackers is to get (viruses) on your computer. They will go after any vulnerabilities, and the less professional sites are easier." The financial services sector accounted for by far the highest volume of attempted phishing attacks - attacks that purport to be legitimate communications but seek to persuade consumers to divulge personal information - in 2008, the report said. Financial-services-sector attacks accounted for 76% of all phishing attacks, up from half in 2007. Credit card information is the most commonly advertised item for sale on underground economy servers, accounting for a third of all goods and services. However, the report found that site-specific vulnerabilities - areas of weakness viruses use to get access to Web sites - declined in 2008. The report also found that spam email - unsolicited emails sent by companies targeting consumers - declined by 20% in 2008. Huger said this was largely because of the shutdown of two major hosting companies accused of being responsible for spam attacks in 2008.
April first was supposed to be the day that Conficker wreaked widespread havoc, but the absence of said havoc doesn't mean that we've seen the end of the problems. Last week, antivirus companies detected that an updated version of the software was being distributed. Over the course of the weekend, the new software got to work, as infected machines began to send out spam and run fake antivirus software which attempts to convince users to pay for its "services." Meanwhile, a teenager in Brooklyn, New York, has been playing cat and mouse with the folks behind the Twitter service, using its handling of malformed URLs and a bit of Javascript to send a mix of spam and taunting messages from random users' accounts. First, Conficker. According to researchers at Kaspersky Lab, the code that was distributed to the Conficker.c variant performed significant updates to the software that resides on compromised machines. From here on out, until the latest version expires in early May, Conficker will be able to spread as a worm. It's also bringing aboard a new bit of malware, termed Waledac, which can both send spam and harvest personal information. One machine tracked by Kaspersky quickly sent out over 40,000 spam messages in a 12 hour period. If all infected machines were as efficient as this one, the full network is estimated to be able to send out 400 billion spam e-mails in a single day. Not satisfied with letting its handlers haul in income via spam, Conficker also downloads and launches a fake antivirus app, Spyware Protect 2009. As is typical with this sort of scam, the antivirus program claims to identify multiple problematic files and offers to remove them for the convenient fee of $49.95—credit cards happily accepted. Kaspersky's antivirus blog has pictures of this scamware in action. 
To an extent, after a period in which nobody was sure what Conficker might eventually be up to, knowing that the recently formed malware network is (for now, at least) little beyond ordinary for-profit malware is probably a bit of a relief. Still, that doesn't mean that the software is completely harmless; the Associated Press is reporting that the University of Utah computer network has been infested, including some machines at its associated hospitals. Although the University says that patient records weren't compromised, the information-harvesting capabilities of the new software put a premium on eradicating it quickly.
From the 'don't use the web version' files: Over the weekend, Twitter became the victim of a cross-site-scripting-based worm that spread spam tweets. According to Twitter, nearly 200 accounts were compromised and some 10,000 messages in total were pegged as being worm spam generated. "Earlier today we were informed of a malicious site that was spreading links to StalkDaily.com on Twitter without user consent via a cross-site scripting vulnerability," Twitter posted on its status update page late Sunday. "We've taken steps to remove the offending updates, and to close the holes that allowed this worm to spread. No passwords, phone numbers, or other sensitive information were compromised as part of this attack." In total, there have been four different variants of the worm that hit Twitter over the weekend, and that now includes today (Monday). Early Monday Twitter claimed it was successfully fighting the fourth variant. The way it looks to me is that the cross-site scripting flaw is/was specific to Twitter web users. That is, if you are logging into Twitter by way of Twitter.com, you could have been at risk from the flaw. Users of the third-party clients (like Twhirl, TweetDeck) will not have the same risk. No question, this is a cause for concern in my opinion; however, the speed with which Twitter is responding to this worm is commendable. It also shows why web-based services can in fact be more secure than desktop ones. With a web-based service, Twitter only needs to update their main application and not the applications sitting on millions of desktop users. This new worm can be contained very quickly (unlike Conficker and its desktop variants) and it will cease to exist sooner rather than later.
Two years ago, U.S. retailer TJX spent some US$130 million -- including US$65 million to two credit card companies -- to clean up the mess after the online theft from its computers of consumer data. Had the company followed basic wireless security procedures the breach wouldn't have happened, Derek Manky, project manager for cybersecurity and threat research for security vendor Fortinet, told the IT360 technology conference last week in Toronto. It's an example, he said, of how defending against the ever-increasing malware threats can be effective and not expensive. "The reality is breaches and infections will happen," Manky said. A layered defence based on unified threat management rather than end point products will help blunt the attacks, he said. But some actions don't involve spending a penny. For example, it costs nothing to create and stick to a patch management policy, he said. Proof that many organizations don't do that was the large number of servers and PCs infected by the Conficker worm two months after Microsoft released a patch. Disabling any autorun capabilities in the operating system is another free fix that's forgotten, as well as forbidding the use of simple passwords. Still, Manky offered no easy fixes. "The barrage of these threats is not going away," he said. There was an explosion of malware in 2007, and since then "it's getting worse."