http://www.securitypronews.com Breaking news and updates in Internet security en-us Thu, 02 Jul 2009 03:44:21 EDT rrobinson@ientry.com mike@ientry.com http://www.securitypronews.com/rss.gif http://www.securitypronews.com 55 266 http://www.SecurityProNews.com/insiderreports/insider/spn-49-20090702ChineseOfficialSaysGreenDamStillLooms.html

Chinese Official Says Green Dam Still Looms

The Green Dam Youth Escort software is, as the name implies, supposed to protect children (from accessing porn). Which could be all right, although universal implementation would still be controversial. (The Chinese government wants Green Dam installed on just about every computer in the country).

Only Green Dam is likely to block certain political and news sites, and make it easier for the Chinese government to monitor dissident activity, too. So human rights groups have gotten involved.

Of course, at this point, the software's existence would still be just one nation's problem. But here's the scary part: the Green Dam software appears to be extremely vulnerable to attack, and if someone or something exploited it, Bruce Schneier pointed out to Tom Espiner, "Suddenly you have an army of a couple of billion computers. This should worry all of us."

Indeed, such a botnet would pose a threat to everything from companies to banks to governments. Some random hacker could bring the world to its knees.

And according to an anonymous Chinese official, it's inevitable that the Green Dam initiative will take effect. He told China Daily, "The government will definitely carry on the directive on Green Dam. It's just a matter of time."

But perhaps, given the massive number of people who are presumably working on Green Dam, most of the holes will get plugged and other issues will be addressed in real time. Or maybe - although the ethics of this would be rather gray - international parties will be able to contribute solutions and help prevent a major incident.

]]> SecurityProNews Insider Reports http://www.SecurityProNews.com/insiderreports/insider/spn-49-20090701GoogleWeighsInOnQ2SpamTrends.html

Google Weighs In On Q2 Spam Trends

The good guys are winning occasional victories; the McColo takedown in November had a huge impact, and the dismantling of 3FN in early June helped a lot. There's also an interesting trend in that the spammers who step forward to fill the holes are trying old tricks with which security professionals are already familiar.

Still, in regards to the 3FN development, Kleha writes, "Since June 4, spammers have already made up a significant amount of ground, climbing 14% from the initial drop."

And the end result on an overall scale is that "Q2'09 average spam levels are 53% higher than in Q1'09 and 6% higher than in Q2'08."

It's reports like these that make the security professionals who protect us more appreciated, anyway.

On that note, Kleha did take the opportunity to promote her team, writing, "For more information on how Google email security services, powered by Postini, can help your organization provide better spam protection and take a load off your network by halting spam in the cloud, visit www.google.com/postini."

]]> SecurityProNews Insider Reports http://www.SecurityProNews.com/insiderreports/insider/spn-49-20090630ReportFinancialAndSocialMediaScamsTakingOff.html

Report: Financial And Social Media Scams Taking Off

Here's the story. Things started in January with MarkMonitor picking four bank brands to monitor for scams connected to terms like "mortgage" and "unemployed." Then it examined 134 million public domain records and billions of sites and emails.

When all was said and done, MarkMonitor concluded in a formal statement, "More than 7,300 cybersquatted domains were identified targeting the four financial brands in the study. . . . Phishing attacks against the four financial brands numbered 10,000, representing a 36 percent increase in Q1 2009 from the previous quarter."

Plus, with respect to sites like Facebook and MySpace - sites where you let down your guard because you're supposed to be among friends - the statement noted, "Social media is one of the fastest-growing target category for phishers, with attacks increasing 241% against social media companies between Q1 2008 and Q1 2009."

Hopefully that finding will be helpful inasmuch as it'll make people be more cautious even when they're in allegedly safe online environments. The first string of discoveries may protect people who are already down on their luck, too.

]]> SecurityProNews Insider Reports http://www.SecurityProNews.com/insiderreports/insider/spn-49-20090629MessageLabsGivesBotnetRundown.html

MessageLabs Gives Botnet Rundown

Cutwail, for better or worse, came out on top. A MessageLabs representative stated in an email to SecurityProNews that this "largest and most powerful botnet is responsible for 45% of all spam."

Still, the good guys scored some points here, because Cutwail "experienced several hours of downtime on the morning of June 5, 2009, following the shutdown of California-based ISP Pricewert by the FTC and is now at 1/3 of its original capacity."

Next up is Mega-D, and its description reads, "[I]t has been on a steady decline and is now responsible for only 9.3% of spam. However, it's still one of the hardest working botnets in terms of spam per bot per minute."

Then follow Xarvester, Donbot, Grum, and Rustock, all of which also seem to have suffered setbacks at different points, but remain definite threats.

So there's the current rogues' gallery of botnets. We won't blame you if you'd prefer to go into a sort of Abbot Arnold Amaury mode ("Kill them. For the Lord knows those who are his.") rather than learn more details, but the MessageLabs report is available if you're interested.

]]> SecurityProNews Insider Reports http://www.SecurityProNews.com/insiderreports/insider/spn-49-20090626SpammersExploitMichaelJacksonsDeath.html

Spammers Exploit Michael Jackson's Death

About 8 hours after Jackson's death yesterday, Sophos detected the first wave of spam messages taking advantage of the breaking news in the subject line and body of the email.

In these messages, the spammer claims that they have vital information about the death of Michael Jackson to share. The body of the email does not contain any call to action links and the from email address is bogus. However the spammer can easily obtain the recipients email addresses via a free live email address if computer users reply to the spam message.

"The untimely death of the King of Pop, Michael Jackson, has sent shockwaves through the entire world - but unfortunately, this type of huge news story is also the perfect vehicle for spammers to snare vulnerable computer users," said Graham Cluley, senior technology consultant at Sophos. "These spammers are relying on curious users to reply to their bogus claims - but if you receive one of these messages you just need to delete it."

We've also discovered cybcercriminals taking advantage of the sad death of 70s TV icon Farrah Fawcett to spread fake anti-virus software, so users should certainly remain vigilant."

"The fact is that cybercriminals have no respect for taste and decency. The only thing they are interested in is making some money for themselves, and turning other computer users' lives into a misery."

]]> SecurityProNews Insider Reports http://www.SecurityProNews.com/insiderreports/insider/spn-49-20090625HackersTargetingSocialNetworkUsers.html

Hackers Targeting Social Network Users

The survey found two-thirds of respondents don't restrict any details of their profiles from being visible through a search engine like Google and over half are not sure who can see their profile.

About one third include at least three pieces of personally identifiable information and more than one third use the same password for multiple sites. In addition, one quarter accept "friend requests" from strangers.

"The growth of social networks presents hackers with a huge target. The amount of time spent on communities like Facebook last year grew at three times the rate of overall Internet growth," said Mike Kronenberg, chief technology officer of Webroot's Consumer business.

"Three in ten people we polled experienced a security attack through a social network in the past year, including identity theft, malware infection, spam, unauthorized password changes and 'friend in distress' money-stealing scams. The first step to staying protected is being aware of what the threats are and knowing how to help prevent them."

Cybercriminals use various types of trickery and malware to take advantage of risky behaviors. One common tactic is phishing, which hackers use to entice victims into downloading an infected file, visiting a risky site outside the social network, or wiring money to a "friend in distress."

Webroot says in recent months it has seen an increase in these types of attacks on social networks, including "Trojan-MyBlot," which targeted users of MyYearbook.com and others targeting Facebook users.

"Hackers lure users into taking actions they shouldn't by making it appear as if a friend within their social network has sent them a message - only the message is from a hacker who's hijacked the friend's account," continued Kronenberg.

"We've seen instances where a salacious yet poorly worded message like, 'This video of u is evrywhere' includes a link that, when clicked, prompts the user to download a seemingly legitimate file which, once on your PC, can do a number of things -- spam your friends, monitor your online activity or record your personal information."

]]> SecurityProNews Insider Reports http://www.SecurityProNews.com/insiderreports/insider/spn-49-20090624USToCreateNewCyberCommand.html

U.S. To Create New Cyber Command

The new Cyber Command is likely to be located at Fort Meade, Maryland, outside Washington, D.C. It will be focused on protecting military systems but not other U.S. government or private networks, Pentagon spokesman Bryan Whitman said.

The Cyber Command will initially go live in October and be fully operational in October 2010, Whitman said.

Whitman did not disclose if the command would be able to carry out offensive operations as well.

"This command is going to focus on the protection and operation of DoD's networks," he said. "This command is going to do what is necessary to be able to do that."

The United States has said many attempts to hack into its networks can be traced back to China but it has not directly accused Chinese authorities of being responsible.

The U.S. Department of Defense operates about 15,000 networks and runs some 7 million computers and other information technology devices, Whitman said.

"Our defense networks are constantly probed. There are millions of scans every day," he said.

"The power to disrupt and destroy, once the sole province of nations, now also rests with small groups and individuals, from terrorist groups to organized crime to industrial spies to hacker activists, to teenage hackers," he said.

]]> SecurityProNews Insider Reports http://www.SecurityProNews.com/insiderreports/insider/spn-49-20090623DetroitSpammerPleadsGuiltyToStockFraud.html

Detroit Spammer Pleads Guilty To Stock Fraud

Ralsky and four other people pleaded guilty, joining three others who pleaded guilty earlier, the U.S. Department of Justice announced.

According to court records, from January 2004 through September 2005, Ralsky and others engaged in a related set of conspiracies designed to use spam emails to manipulate thinly traded stocks and profit by trading in those stocks once their share prices increased after recipients of the spam emails traded in the stocks being promoted.

"Alan Ralsky was at one time the world's most notorious illegal spammer," said U.S. Attorney Terrence Berg. "Today Ralsky, his son-in-law Scott Bradley, and three of their co-conspirators stand convicted for their roles in running an international spamming operation that sent billions of illegal e-mail advertisements to pump up Chinese 'penny' stocks and then reap profits by causing trades in these same stocks while others bought at the inflated prices.

"Using the Internet to manipulate the stock market through spam e-mail campaigns is a serious crime, and this case serves notice that federal law enforcement has the both the capability and the will to successfully investigate, prosecute and punish such cybercrimes."

Ralsky, 64, of West Bloomfield, Mich., pleaded guilty to commit wire fraud, mail fraud and to violate the CAN-SPAM Act. Under the terms of his plea agreement, Ralsky acknowledges he is facing up to 87 months in prison and a $1 million fine under federal sentencing guidelines.

]]> SecurityProNews Insider Reports http://www.SecurityProNews.com/insiderreports/insider/spn-49-20090622GoogleGoesAfterMalwareInAds.html

Google Goes After Malware In Ads

The company launched an initial custom search engine at the beginning of the year, aimed at allowing ad networks to do background checks on potential advertisers to reduce the risk of malware.

"It checks a variety of independent, third party sites that track possible attempts to distribute malware through advertising," it says on the site.

"Its search results should not be considered the last word on a prospective customer, but one potential source of helpful information. If a party you're researching comes up in a search result here, we recommend you take a closer look at the party in question before rendering judgment."

The Anti-Malvertising.com site recommends for publishers to always perform in-depth quality assurance on creatives and that they avoid ad networks without strong anti-malware security measures in place.

In early 2008, Google found that about 2 percent of malicious websites were distributing malware via advertising, based on an analysis of nearly 2,000 advertising networks. In a first quarter 2007 Web Trends Security Report released by Finjan found that about 80 percent of malicious code came from online ads.

"The world of online advertising, like the offline world, is a dynamic environment that contains a diverse mix of people with different goals-both good and bad," the site reads.

"This website focuses on malvertising (the threat of malware being distributed through advertising) and how you can help prevent it."

]]> SecurityProNews Insider Reports http://www.SecurityProNews.com/insiderreports/insider/spn-49-20090619MorroSetForTuesdayRelease.html

Morro Set For Tuesday Release

On Tuesday, the first 75,000 individuals to visit www.microsoft.com/security_essentials are supposed to receive access to Morro, or, as it's also known, Microsoft Security Essentials. Microsoft's not making any promises beyond that point.

Of course, the company might expand the offering, depending on demand and so long as its servers don't get swamped. Just don't say we didn't warn you.

Anyway, Microsoft Security Essentials is supposed to remove malware, spyware, and viruses, and provide real-time protection against malware and viruses, too. And although part of the reason it's being put out in a limited batch is so that further tests can take place, reports say that the software's in decent shape.

Ed Bott, for example, recently tested it and wrote, "I'm sufficiently impressed by MSE in operation to give it a more in-depth workout on multiple systems here."

So if you're looking for an alternative to other free forms of protection, consider staying especially near your computer on the 23rd.

]]> SecurityProNews Insider Reports