
SpamBully News Posts

2 years ago

Smarts, Not Big Bucks, Helps Stave off Malware

Two years ago, U.S. retailer TJX spent some US$130 million -- including US$65 million to two credit card companies -- to clean up the mess after the online theft from its computers of consumer data. Had the company followed basic wireless security procedures the breach wouldn't have happened, Derek Manky, project manager for cybersecurity and threat research for security vendor Fortinet, told the IT360 technology conference last week in Toronto. It's an example, he said, of how defending against the ever-increasing malware threats can be effective and not expensive. "The reality is breaches and infections will happen," Manky said. A layered defence based on unified threat management rather than end point products will help blunt the attacks, he said. But some actions don't involve spending a penny. For example, it costs nothing to create and stick to a patch management policy, he said. Proof that many organizations don't do that was the large number of servers and PCs infected by the Conficker worm two months after Microsoft released a patch. Disabling any autorun capabilities in the operating system is another free fix that's forgotten, as well as forbidding the use of simple passwords. Still, Manky offered no easy fixes. "The barrage of these threats is not going away," he said. There was an explosion of malware in 2007, and since then "it's getting worse."




2 years ago

Mobile Can-Spam Act Sought In Senate

Two U.S. senators have introduced a bill that could cut down on unsolicited spam messages sent to cell phones. Sens. Olympia Snowe, R-Maine, and Bill Nelson, D-Fla., want to tackle mobile spam and are seeking to update the federal Can-Spam law to include messages sent to cell phones. Called the m-Spam Act, the bill would enable the Federal Communications Commission and the Federal Trade Commission to go after mobile spammers and intervene in the transmission of SMS spam. The bill also would ensure that marketers could not send messages to any cell phone number in the national Do Not Call Registry. "Mobile spam invades both a consumer's cell phone and monthly bill," Snowe said in a statement. "This significant and looming threat must be addressed in order to protect consumers and vital wireless services." According to data from Ferris Research, the number of spam text messages increased by 38% from 2006 to 2007. This means about 1.1 billion messages, or about 0.3% of all SMS messages, were unsolicited spam. While current laws already make it illegal to use auto-dialing techniques for wireless phones, text messages aren't yet covered and could become a larger target as SMS consumption increases at a rapid pace. Unlike most European customers, who pay only for sending texts, U.S. subscribers can find these spam texts quickly becoming costly. Additionally, unsolicited SMS messages could potentially compromise a handset's security.




2 years ago

Making sense of the latest Conficker update

Several of you have emailed me for information about the latest Conficker update. Consider this post an update to my “no bull” guide to Conficker.

Q: So, what’s happening?
A: On April 8th a new update was made available to machines infected with Conficker variant C. This new update is called Conficker.E by many antivirus vendors.

Q: How does this update come in?
A: As an .exe file (previous Conficker variants were all .dll files) via peer-to-peer (P2P).

Q: What does this new update do?
A: It seems that this update is a scareware package. It consists of a fake antispyware tool called Spyware Guard 2008. This update is a rogue antispyware tool that when triggered will “discover” that the system is infected with malware and ask the user for a payment to remove it. Of course this is all a scam and the system remains infected after the paid-for detox. Detailed removal instructions for Spyware Guard 2008 can be found here. This update also reintroduces Conficker’s ability to exploit the MS08-067 Windows vulnerability (Conficker.C didn’t have this feature). It’s also suspected that Conficker.E will corral PCs and put them to work as part of a spambot network.

Q: Anything else interesting about Conficker.E?
A: Well, it is set to delete itself if the date is May 3, 2009 or later. Gives us an idea as to when the next update could be due.

Q: How widespread is Conficker.E?
A: Well, this update is being sent to systems running Conficker.C, and it is estimated that this has infected a few million systems; that’s a good starting point for how far this might go. Given that this update also leverages MS08-067 then it has the potential to spread even further.




2 years ago

In 2008 U.S. government computers were infected 5,499 times with malware

According to the Department of Homeland Security, there were 5,499 known breaches of U.S. government computers with malicious software last year, compared with 3,928 in 2007 and 2,172 in 2006, reports the Associated Press. It seems hackers have become a serious problem for most governments. The Pentagon reported it spent more than $100 million in the last six months as a result of damage from cyber attacks and other computer network problems. The White House is about to finish its 60-day review on improving government usage of technology with the aim of protection. As the result of "unknown foreign entities," computers of the Departments of Defense, Homeland Security, Commerce, and NASA have been damaged, states the report of the Center for Strategic and International Studies. It should also be mentioned that in 2007, Russian hackers crippled computer networks in Estonia for almost three weeks, which caused NATO to set up an Estonia-based cyber defense center. German experts, monitoring Chinese cyber espionage since the 1990s, have verified "many hundreds of attacks per year," and say many more have gone undetected. Moreover, it should be highlighted that cyber threats are not causing problems only for governments. David Livingstone, author of a report on cyber threats by the London-based Chatham House think tank, said it was a problem of all sectors - businesses, government and individuals. With the aim of accessing information on his actions and discussions of documents, the Dalai Lama group's e-mail system was infiltrated with malware. This fact is insufficient, considering the Chinese hackers infiltrating 1,295 computers in 103 countries. On the other hand, governments also seem to be using cyber attacks. A group of independent Western computer experts traced domain names and Web site registration data to conclude that the Russian top security and military intelligence agencies were involved in "denial of service" attacks seen by Georgian government and corporate Web sites during the weeks leading up to the war between Russia and Georgia. Chen Wenguang, a Chinese computer expert, said "I believe that it is the Americans that steal the most secrets." In response, Air Force Gen. Kevin Chilton, who heads U.S. Strategic Command, stated, "A good defense also depends on a good offense." The Cambridge security experts recommend that some data simply be kept on paper.




2 years ago

Microsoft Outlines Rogue Anti-virus, Data Breach Threats

In the latest edition of its Security Intelligence Report, Microsoft officials point to the spread of rogue anti-virus programs as a significant threat users are facing. The company also outlined the data breach threat posed by insiders, as well as an increase in the number of Microsoft vulnerabilities it was forced to patch. Rogue anti-virus has emerged as one of the most prevalent threats to end users in 2008, according to Microsoft's latest Security Intelligence Report. Also known as scareware, bogus anti-virus programs lure users into paying for software that, unbeknownst to them, offers either little or no real protection, and is sometimes designed to steal data. "Of the top 25 malware or potentially unwanted software families that we had information on in the second half of 2008, seven of those had some connection to rogue security software," said Vinny Gullotto, general manager of the Microsoft Malware Protection Center. Two rogue families, Win32/FakeXPA and Win32/FakeSecSen, were detected on more than 1.5 million computers by Microsoft software, placing them into the top 10 threats for the second half of the year. In addition, Win32/Renos, a threat that is used to deliver rogue security software, was detected on 4.4 million unique computers, an increase of 66.6 percent over the first half of 2008, according to Microsoft. Those pushing the software are preying on the public's healthy skepticism about the Internet, he added. The findings come as little surprise. Earlier this year, Finjan reported it had uncovered a scareware affiliate network that made an average of $10,800 a day.




2 years ago

Conficker worm updated to send spam, hawk fake AV

The insidious Conficker worm, which has spent months spreading to millions of computers worldwide, has begun taking some of the malicious action security experts feared was coming. Researchers said the new variant sprang to life Tuesday night and Wednesday morning -- and now is being used for two purposes: to download fake anti-virus programs, known as "scareware," to infected machines, and to receive encrypted binaries from the Waledac spam botnet. "The wait is over," said Roel Schouwenberg, senior anti-virus researcher at Kaspersky Lab. "Now we have to see if this is going to be it or if they're going to install more malware." Computer users anxiously waited to see if Conficker would act on April 1, when it was supposed to activate to retrieve additional payload instructions from hundreds of randomly generated domains. The malware, though, stayed mostly silent that day. Schouwenberg told SCMagazineUS.com that Conficker's authors have spent the last several months seeding the worm on up to 12 million machines across the globe. Now, with the new variant, dubbed Conficker.E, they appear to be trying to make money.




2 years ago

Conficker Update: Creating Spam-Spewing Drones?

More than a week after its April 1 deadline, the Conficker C worm released an update that could activate the botnet to deliver spam and turn infected PCs into zombies. Researchers say that the latest update could include a connection between the Conficker worm and the active spam bot W32.Waledac. Specifically, researchers said they have seen circumstantial evidence that the latest strain of Conficker, known as Downadup E, might drop a Waledac binary on machines infected with Conficker C. That binary is designed to steal information and turn infected PCs into spam-spewing drones under the control of the malware authors, experts say. "We got a first look at the payload and we're still looking at this one, a worm or Trojan called Waledac associated with tons of spam," said Vincent Weafer, vice president of Symantec (NSDQ:SYMC) Security Response. "Ultimately it's about information stealing." More Conficker updates could include widespread distribution of Trojans, keystroke loggers and other malware designed to grab user credentials and steal personal and financial information later down the road, Weafer said. "And then what's left is a very robust botnet," he added. April 1 marked the day the Conficker worm was scheduled to undergo an update that provided a new domain generation algorithm allowing the infected computers to "call home" to about 500 of the 50,000 newly generated domains, possibly for new instructions. The new strain of the Conficker worm updates machines infected with Conficker C to the new strain, known as Downadup E, via peer-to-peer techniques.




2 years ago

Oprah Winfrey isn't giving away $1 million

Oprah Winfrey has been generous with her studio audiences, including the famed day when she pointed to everyone there and proclaimed, "You're getting a car!" But she's not giving away $1 million, despite a spam e-mail making the rounds. The FBI has issued a warning that the "Oprah Millionaire Contest Show" e-mail is a scam. The message says the recipient has been nominated to be on "The Oprah Winfrey Show," during which a winner of the cash will be named. Then it asks the "nominee" for contact information. Those "chosen" for the show (probably anyone who responds to the e-mail) are told that the next step is to buy an airline or train ticket to Chicago for the program. They even have to pay to get into the show. Of course, the senders of the e-mail say to send the money for the travel and show tickets to them. (See a copy of the offending message at the scam-busting website Snopes.com.) Oprah.com, the official website of Winfrey's media empire, has posted a warning that there are several “sweepstakes scams” concerning the show, and that no such program is scheduled. Besides, although tickets to the show are tough to get, they're free.




2 years ago

Spam overwhelms e-mail messages

More than 97% of all e-mails sent over the net are unwanted, according to a Microsoft security report. The e-mails are dominated by spam adverts for drugs, and general product pitches and often have malicious attachments. The report found that the global ratio of infected machines was 8.6 for every 1,000 uninfected machines. It also found that Office document attachments and PDF files were increasingly being targeted by hackers. Microsoft said people should not panic about the high levels of unwanted e-mail. Cliff Evans, head of security and privacy for Microsoft in the UK, told BBC News: "The good news is that the majority of that never hits your inbox although some will get through." Ed Gibson, chief cyber security advisor at Microsoft, said the rise in spam was due to traditional organised crime figures moving away from exploiting software vulnerabilities and "targeting the weak link that is you and me".




2 years ago

Conficker Worm's copycat Neeris spreading over IM

Imitation has always been a form of flattery, and that’s particularly true for the cybercrime ecosystem. From the lone Chinese cybercriminals releasing DIY tools for generating malware actively exploiting the MS08-067 flaw, followed by the original Conficker worm, Microsoft’s MMPC (Malware Protection Center) is reporting on a currently spreading Conficker copycat detected as Worm:Win32/Neeris.gen!C. The latest variant of Neeris, which has been in the wild since 2005, is mimicking all of Conficker’s spreading techniques, including the exploitation of MS08-067 and the AutoRun spreading tactic, but is continuing to propagate through its original method - sending links over MSN. With the Neeris copycat now in the game, what are the chances that it would steal some of Conficker’s market share? Pretty pessimistic. The Neeris author also attempted to launch the campaign beneath the radar, with Microsoft’s MMPC pointing out that the peak of the campaign took place late on March 31st and during April 1st, Conficker’s largely overhyped update activation date. However, this tactic is not going to compensate for some of the obvious mistakes that the author made, in the form of using bogus time stamps for the malware and using attachments (.exe; .scr) that are easily spotted as malicious even by the average Internet user. Copycats don’t just share the same propagation/infection vectors, they also share the same mitigation ones.