[ insider_reports_insider ]
Harry Potter Used As Mailing Exploit
Chris Richardson
Contributing Writer
2005-02-08
 Insider Reports RSS Feed
The spam community never seems to miss an opportunity to trick unsuspecting users into opening and clicking what most would deem as unwanted mail. One of the more popular ways to trick unsuspecting recipients is by using misleading subject lines.
 | | Harry Potter Used In New Spam Attack |  |
There have been reported spam "attacks" which feature subject lines about natural disasters, popular entertainers, and of course, the ever present get-rich-quick schemes that permeate inboxes. Keeping with this theme, another group of spam mailings using the upcoming Harry Potter book to trick people into clicking has been discovered.
In other news, with voice over IP becoming a popular medium of communication, malicious code writers have another target for their exploits. Because of the potential threat, a number of security and telecommunications companies have formed a VoIP Security Alliance.
Speaking of security groups, while one is being formed, another seems to be on the verge of collapse. The anti-spyware consortium, COAST (Consortium of Anti-Spyware Technology Vendors), lost another member, further damaging the effectiveness of the group's explicit goal: curbing spyware.
Harry Potter Used In Spam Mailings
According to Sophos.com, a number of spam emails that have appeared recently use the upcoming JK Rowling book to trick recipients into visiting a "make money fast" scheme.
Sophos's global network of spam monitoring stations have sighted thousands of instances of an email claiming to be instructions on how to win a copy of the as-yet-unpublished next book by JK Rowling, "Harry Potter and the Half-Blood Prince."
The emails claim that recipients can get a free copy of the book by clicking on a link, but this in fact takes users to a website offering advice on "free money-making secrets", with no mention of the troubled teenage wizard…
Last week, Harry Potter author JK Rowling warned fans to beware internet fraudsters who were phishing for credit card details by pretending to offer electronic copies of the new book online.
Security Group For VoIP Forms
As voice over IP becomes more and more popular, virus writers and malicious coders have another target to concentrate on. As with most methods of modern communication (think mobile phones), viruses and other types of attacks are becoming legitimate threats to those who use these services.
Because of these threats, a number of telecommunications and security companies are joining forces to promote VoIP security, as well as the types of threats VoIP users can face. As reported by PCWorld.com,
The VoIP Security Alliance will disseminate knowledge of Internet telephony security risks through discussion lists, white papers, and research projects. The group hopes to spur adoption of VoIP by promoting best practices for companies that adopt VoIP, and by warning organizations of threats, including spam and denial-of-service (DOS) attacks, according to Dave Endler, director of digital vaccine at TippingPoint, a division of 3Com Corporation.
The new group is the first cross-industry association that is focused on VoIP security. It includes major players in the market, such as Alcatel and Avaya, VoIP newcomer Comcast, security technology vendors Qualsys and Symantec, as well as TippingPoint.
One goal of the group is to clear up misconceptions about the technology, which allows voice conversations to be transmitted over the Internet. One misconception the group will try to dispel is that deploying VoIP is the same as deploying traditional data network…
To assist the education process, the group will distribute information on VoIP vulnerabilities as well as the promotion of necessary security tools to combat these risks.
Members Continue To Leave Anti-Spyware Group
As one security group forms, another seems to be falling apart. COAST, an anti-spyware consortium similar to the VoIP security group, is facing a number of defections from companies that helped establish it, weakening COAST to the point of potential collapse.
According to PCPro.com:
Computer Associates, which has an interest in the anti-spyware market through the PestPatrol brand it bought last year, has said it is quitting the consortium. In a statement the company said, "We are withdrawing from COAST because we believe the organization no longer has the ability to create a consensus for effective anti-spyware standards. We remain committed to working with other vendors and researchers to create standards that will improve the security and usability of the Internet for all."
As we reported yesterday, two other members of the anti-spyware group, Webroot and Aluria have already quit the group. Although none of the companies who have left have said so publicly, they are said to be unhappy about the recent admittance of adware company 180solutions.
Because spyware can be so disruptive and damaging, the need for consortiums like this are high. Unfortunately, they can't seem to stay together long enough to effect change… at least in this case.
However, the collapse of groups designed to combat Internet security risks does not remove the most effective tool against malicious programs and mailings: user vigilance. Be sure and keep your virus definitions up to date, and always uses anti-spyware software to scan your computer. There are a number of programs, even free ones, which can help users in spyware and virus prevention.
About the Author:
Chris Richardson is a search engine writer for WebProNews. Visit WebProNews for the latest search news.
More insider_reports_insider Articles
Insider Reports RSS Feed
|
|
RSS
Archive
Contact Us
Advertise
