The bots at the heart of Spam

My colleagues at MessageLabs are reporting that 83% of all spam messages are sent from botnet-infected systems. It has long been understood that one of the many uses for a botnet is to turn an infected PC into a spam relay; the MessageLabs data is interesting because it finally lets us size the problem. They also went on to identify the botnets responsible for the spam itself. The Cutwail botnet is by far the biggest culprit, accounting for 45% of all botnet spam, with others such as Mega-D, Xarvester, Donbot, Grum and Rustock making up much of the remainder.
  
One other interesting update in the MessageLabs report is that Instant Messaging (IM) continues to carry an increasing number of embedded links which lead people to compromised web sites hosting malware. At the end of 2008, MessageLabs Intelligence research indicated that 1 in 200 (0.50%) of hyperlinks shared over public IM applications were malicious, i.e. the web site harboured some form of malware designed to perform a drive-by attack on a vulnerable web browser or browser plug-in. When the same research was repeated in June, the figure had risen to 1 in 78 (1.28%) of links pointing to web sites hosting malicious content.

Better late than never

The UK Government yesterday announced its cyber security strategy, as part of a revamped, all-encompassing national security initiative. For many people it may have prompted the question, ‘I thought we already had one of these?’ Well, we did not, but it is all in hand now. The new cyber security minister (yes, we do have one), Lord West, commented that it is not that the UK has been left exposed to cyber threats from other countries up to this point in time. He went out of his way to reassure that the UK government has already faced down cyber attacks from foreign states such as Russia and China.

Two new bodies will be established in the coming months as part of the strategy. A dedicated Office of Cyber Security in the Cabinet Office will co-ordinate policy across government and look at the legal and ethical issues as well as relations with other countries. The second body will be a new Cyber Security Operations Centre (CSOC) based at GCHQ. This will bring people together from across government and from outside to get a better handle on cyber security issues and work out how to better protect the country, providing advice and information about the risks.

So there we have it. We have shiny new groups to go out and battle the national cyber threats -  we wish them well!

Microsoft and free security

Today, Microsoft released a beta of its ‘Morro’ free anti-virus product. They also announced the name for the product: henceforth it will be called Microsoft Security Essentials.

Microsoft Security Essentials is a slightly modified and stripped down version of the OneCare product it pulled from the shelves recently.  At a time when we face more threats online and our PCs are being deluged by malware, consumers don’t need less protection - they need more.  Referring to Microsoft’s basic antivirus and antispyware product as an essential security solution could be misleading.  Consumers need firewall protection, Web protection, antispam and identity safeguards – these are among the essentials when it comes to security, and you can only get them through a full Internet security suite provided by security experts.

The reality is that shareware and freeware vendors have been in the market for 20-plus years; it is a crowded space and Microsoft is just joining the fray. In addition, early reviews of the beta show that it underperforms when compared to existing freeware products, and is well below paid solutions such as Norton AntiVirus.

The Spy in your hand?

I came across an article in BusinessWeek (June 15th, 2009) that caught my attention. Its theme was that a new generation of user-friendly spy-phone software has become widely available in the past year or so. They note that more than 200 companies are selling such spyware online, at prices as low as $50. What was really interesting was the estimate that 3% of mobiles in France and Germany are ‘tapped’, rising to 5% in countries such as Italy and Greece. Now, it has to be admitted that the source of this estimate was a private-investigation outfit in Italy. That being said, James Atkinson, a spy-phone expert at Granite Island Group, Massachusetts, puts the number of tapped phones in the US at 3%. I agree that all of this needs to be taken with a good pinch of salt; nonetheless it does get you thinking.

The current generation of spy-phone software has one major drawback: you need hands-on access to the phone you want to tap in order to load the software onto it. That being said, the BusinessWeek article goes on to outline that a new generation of mobile spyware being developed for law enforcement agencies will accompany a text message and automatically install itself on the target’s phone when the message is opened. The supposition is that the same technology could also make its way into the hands of criminals.

The article finishes off by claiming that AV and security programs developed for computers require too much processing power, even for smartphones. At the end of the day, spy-phone software is just software, as is the security software that can detect it and mitigate the risk, so I do not sign up to their presumption that smartphones are exposed. We are seeing the evolution and deployment of security software for smartphones. There is a saying in our industry, ‘security through obscurity’, and by and large it can be seen to hold for smartphones at the moment, with the usual caveat that obscurity raises an attacker’s cost rather than removing the underlying weakness. Given the number of mobile operating systems in use, e.g. iPhone OS, Palm webOS, Android, Windows Mobile, Symbian, the addressable market is neatly segmented into smaller chunks, which may diminish the attractiveness of any one segment to the malware author. It may simply be a moment in time, but no doubt many would like it to hold for as long as possible. Thankfully, in terms of actual numbers, the volume of malware for smartphones, including applications such as spy-phone software, is dwarfed by that created for the PC. However, it is one area that needs to be taken seriously and a careful eye kept on it.

The state of Spam and Phishing reports for May

I thought you would be interested to learn that, in addition to our monthly State of Spam report, we have now added a monthly report on phishing. In May we found that 42% of phishing URLs were generated using phishing tool-kits. This shows just how prevalent the use of these kits is and how it is helping to fuel the automation of these attacks.

Our State of Spam report for May notes the re-emergence of image spam during the month, to some 6.5% of all spam (it climbed to 21.9% in one week). One consequence is that the average size of a spam message has increased. So not only are there more spam emails (nearly 95% in May), they are also larger and take up even more valuable internet bandwidth. This link will take you to both reports.
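Image spam works by carrying the pitch inside a picture so that there is little or no text for a content filter to read, which is also why it inflates message size. The following is an added example, not code from the original post or from any Symantec product, showing the shape of a simple heuristic a mail gateway can apply: parse the MIME structure, total the bytes of inline images against the amount of real text, and flag messages that are nearly all image. The thresholds and the sample messages are constructed for illustration and would need tuning against real traffic.

```python
"""Heuristic image-spam scorer (added example; thresholds are assumptions)."""
from email import message_from_string
from email.mime.image import MIMEImage
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText

# Constructed thresholds: tune against real mail before relying on them.
MIN_IMAGE_BYTES = 2_000       # ignore tiny logos and tracking pixels
MAX_TEXT_CHARS = 200          # "little text" if this many non-space chars or fewer
MIN_IMAGE_TEXT_RATIO = 10.0   # image bytes per character of visible text


def measure(raw: str) -> tuple[int, int, int]:
    """Parse a raw RFC 822 message and return (image_bytes, text_chars, image_parts).

    Walks every leaf MIME part, decoding transfer encodings so that the
    image size counted is the real payload size, not the base64 length.
    """
    msg = message_from_string(raw)
    image_bytes = text_chars = image_parts = 0
    for part in msg.walk():
        if part.is_multipart():
            continue
        ctype = part.get_content_type()
        payload = part.get_payload(decode=True) or b""
        if ctype.startswith("image/"):
            image_parts += 1
            image_bytes += len(payload)
        elif ctype in ("text/plain", "text/html"):
            charset = part.get_content_charset() or "utf-8"
            text = payload.decode(charset, errors="replace")
            # Spammers pad with whitespace; count only visible characters.
            text_chars += sum(1 for c in text if not c.isspace())
    return image_bytes, text_chars, image_parts


def is_image_spam(raw: str) -> bool:
    """True when the message body is dominated by images with little real text."""
    image_bytes, text_chars, image_parts = measure(raw)
    if image_parts == 0 or image_bytes < MIN_IMAGE_BYTES:
        return False          # no meaningful image content to hide a pitch in
    if text_chars == 0:
        return True           # pure image, nothing for a text filter to see
    return (text_chars <= MAX_TEXT_CHARS
            and image_bytes / text_chars >= MIN_IMAGE_TEXT_RATIO)


def build_sample(text: str, image_size: int) -> str:
    """Constructed sample mail: one text part plus (optionally) one GIF-shaped blob."""
    msg = MIMEMultipart("mixed")
    msg["From"] = "sender@example.invalid"
    msg["To"] = "victim@example.invalid"
    msg["Subject"] = "sample"
    msg.attach(MIMEText(text, "plain", "utf-8"))
    if image_size > 0:
        blob = b"GIF89a" + b"\x00" * (image_size - 6)   # not a real image, just bytes
        img = MIMEImage(blob, _subtype="gif")
        img.add_header("Content-Disposition", "inline", filename="pic.gif")
        msg.attach(img)
    return msg.as_string()


if __name__ == "__main__":
    for label, raw in [
        ("image pitch, no text", build_sample("Buy now", 40_000)),
        ("newsletter with photo", build_sample("Hi team, " * 100, 40_000)),
        ("plain text", build_sample("Hello", 0)),
        ("text with tracking pixel", build_sample("Hello", 500)),
    ]:
        print(f"{label:28s} spam={is_image_spam(raw)} size={len(raw)}")
```

The last two cases matter in practice: a legitimate newsletter with a photo has plenty of text, and a 500-byte tracking pixel sits below the size floor, so neither is flagged. A real gateway would combine this with OCR or image fuzzy-hashing, but the ratio alone already separates the bulk of the 6.5% described above from ordinary mail.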

Symantec Supports FTC in Shutdown of Pricewert

The BBC, amongst other sites, is reporting that the US Federal Trade Commission has asked for an American ISP called Pricewert LLC to be shut down. Pricewert has been accused of knowingly distributing child pornography, viruses, spam and personal information, which hasn’t exactly endeared it to the FTC.
 
Symantec were approached to back up the FTC’s case with security data gathered through the use of our Global Intelligence Network, basically to provide a flavor of the type of malicious activity taking place on these sites.
 
Obviously I don’t just want to sound like I’m banging the corporate drum, but it’s pretty important that as a company we not only protect our customers but also work with enforcement groups like the FTC  to help stop malicious activity at its source, by eradicating the organizations that foster cybercrime.
 
Our Intelligence Network has a pretty incredible reach, and whilst it means we can keep our finger on the pulse, the Internet is a truly massive space and it takes cooperation across the whole industry to make sure that everyone has a safe and fruitful surfing experience.
 
Industry-wide cooperation is a topic I feel very strongly about and it’s something I hope to blog more about in the future, mainly because I want to make the consumer more aware of their role in the whole ecosystem. It’s all well and good governments, security vendors, ISPs and the like working together to secure the environment, but the consumer has more influence than they realise, and getting them to universally apply sensible surfing practices is the Everest that we’re all aiming for.

Take that!

The Guardian has published a story suggesting that UK and US security authorities are preparing to strike back at the ‘bad guys’ who misuse the internet. Hackers who attack defence or commercial computers in the US and UK may in future be in for a surprise: a counterattack, authorised and carried out by police and defence agencies, that aims to disrupt them and even knock them off the net.

I am sure that many of you, and the public at large, would say ‘about time too’ and ‘serves them right’. There would be some sense of justice if the bad guys could be brought to account and punished. However, the story in The Guardian refers to ‘secret plans’, unnamed senior officials and, generally, ‘people familiar with the topic’. That is the point at which we all have to start to take a sanity check.

This is an idea that has been around for a long time, and for as long as it has been around nothing has come of it. Why? I think it comes down to practicalities and to ethics. If it were that easy to directly find and target the bad guys, do you not think the authorities would have been doing so already? Exactly: tracking down the bad guys is a tough and involved exercise, not least because the machines an attack appears to come from are frequently compromised third-party systems, such as the botnet-infected PCs described above, rather than the attacker’s own. The other issue is that in ‘taking them out’, via denial-of-service approaches for example, you can impact and impinge upon other legitimate users of the internet. This is what is referred to as collateral damage.

The other consideration is ethics and the rule of law. It has long been suggested that in the real world the police and authorities know who most of the criminals are. However, in most democracies, to convict someone you need to prove cause and provide evidence. It is not just a matter of going along to the houses of known and suspected criminals and throwing them in jail, or ‘taking them out’ so to speak. I believe that the authorities involved in tracking down cyber-criminals and ‘bad guys’ have a very difficult and complex job. However, they need to continue to operate within the confines of what is both practical and ethical. They deserve our thanks and support, and all the resources they need to help bring the rule of law to the net.

Are your search results poisoned?

Would you even know? I am sure that you, like me, spend some part of your working day entering words into a search engine as we try to get additional information to help with our work. The same can be said of our free time, in which we use search engines to find all manner of information to help organise and enliven our lives.

The following article caught my attention as it draws attention to the increasing effort cyber-criminals are putting into ‘optimising’ keywords so that, when entered into a search engine, they lead someone to a site the criminals have set up and control. Once you are on the site, they can try to attack your PC directly (typically a drive-by exploit against the browser or a plug-in, as with the IM links above) or by getting you to download a file containing malware. The whole approach is premised on inserting themselves into legitimate search terms and then optimising their sites so they appear higher in the rankings, increasing the likelihood that someone clicks through. The term used to describe this attack approach is ‘search engine poisoning’. We have created a Podcast that details the motives behind search engine poisoning and provides information on how you can protect yourself.

Not backing-up Your Digital Life?

When was the last time you did a back-up of your PC? It is a good question and an important one. We recently conducted a survey to ascertain people’s views on back-up and you can follow this link to it. This link will take you to a YouTube video we have also created on the results of the survey. We found that only one third of us carry out a regular backup, and only one in five of us back up all of our content. There seems to be a consensus that the content we gather and create on our PCs grows at circa 50% per year, which only makes backing it up more important. The reasons people give for not backing up are complexity and never seeming to have the time. I believe that, as with a lot in our new digital life, the internet can also be the source of a solution. The ability to back up our important content to an online backup service is now here with us. It offers the ability to access your content from wherever you have access to the internet; you are no longer tied to, nor reliant upon, standalone hardware-based backup. The beauty of this approach is that the content can follow you around, rather than you having to go and chase it. That is why we here at Symantec have just released Norton Online Backup, a web-based backup service. Its ambition is to make backup convenient and simple and to provide the peace of mind that we all want and need when it comes to securing our digital life.

New end-points in need of protection?

The commentators and experts are starting to turn their attention to, and share their opinions on, the next internet revolution. What might it be? Well, there seems to be broad consensus that our favourite content is due to undergo a revolution in how it makes its way to us as consumers. There is an interesting piece in The Times on this very subject. From your favourite TV shows to newspapers, magazines and so on, we can have anytime, anywhere, any-device access to it.

The sceptics out there will say ‘heard it all before’. However, I do think we are getting to a point of lift-off. The technology and devices that could make this happen are starting to make real inroads. The attention that the Amazon Kindle has gained in the past year is testament to that. In the US, Hulu’s on-demand access to TV shows and movies has proven very popular. Here in the UK, the BBC’s iPlayer has pushed the concept of streaming and any-time access into the consciousness of the masses.

In prospect, what all of this means is the opening up of potential new security considerations. At the end of the day, ‘content’ is digital data that is parsed and rendered by software on the device, so a malformed file can be used to exploit that software and deliver malware. Time and attention are going to have to be given to the security issues attendant on this brave new world. Nobody is going to be happy if they pay for and download books, only for them to be scrubbed by a virus or held to ransom by ransomware. I am sure this is a subject we will all come back to (repeatedly) in the fullness of time.
