Written by Sue Walsh (siwriter@si.rr.com) on January 31, 2010
A new report out by security experts says that over 25 million new strains of malware were discovered in 2009, and that number is expected to rise in 2010. Trojans are the most popular type distributed, making up 66% of all malware, followed by Adware at 17%. Adware includes scareware such as fake anti-virus, fake registry cleaners, and fake anti-spyware programs. Viruses, spyware, rootkits and worms make up the remainder.
The report also identified Taiwan (62.20%), Russia (56.77%) and Poland (55.40%) as the countries with the highest levels of malware-infected computers and Sweden (31.63%), Portugal (37.79%) and the Netherlands (38.02%) as the countries with the lowest infection levels. The United States is in the middle with about a 50% infection level. Many of these infections may not even be known to the user. Millions of computers have been turned into “zombies” and added to botnets.
Experts say malware attacks will be on the rise and become more and more sophisticated as scammers develop new techniques to avoid detection. Social networking sites will bear much of the brunt as spammers and scammers seek to take advantage of the huge audiences these sites attract. Facebook has 400 million members and Twitter over 15 million in the US alone.
As 2010 continues to unfold, stay with All Spammed Up for the latest spam and security news. It’s going to be an interesting year.
Written by Sue Walsh on January 31, 2010
Australian financial services firm CommSec was fined $55,000 (roughly $48K US) for violating that country’s Spam Act. The Australian Communications and Media Authority (ACMA) levied the fine after it launched an investigation into the company’s mail campaigns and found they were in violation of the Spam Act. That Act, like the CAN-SPAM Act, requires that all commercial email include a way to unsubscribe and that emailers honor those requests. The ACMA’s investigation, prompted by numerous consumer complaints, found that the company’s emails had no unsubscribe directions and that they ignored requests from consumers who asked to be taken off their mailing list.
“ACMA expects that Australian businesses take note of this outcome,” ACMA chairman Chris Chapman said. “Under the Spam Act, every person has the right to unsubscribe from receiving commercial electronic messages and to have that request acted on effectively and quickly. The failure to act on a request can result in significant penalties if a business is found to have breached the Act.”
CommSec sent over 6 million advertising emails in 2009. The company says it has agreed to have an independent consultant review its compliance systems and to provide additional training to its staff.
Written by Paul Cunningham (paul@exchangeserverpro.com, http://www.exchangeserverpro.com) on January 29, 2010
About the author: Paul lives in Brisbane, Australia and works as a technical consultant for a national IT services provider, specialising in Microsoft Exchange Server and related messaging systems.
A research team from two Californian universities has developed what it believes will be a game-changing approach to defeating spam.
The researchers used a captured spam bot to analyze a sample of the spam emails that it produced and then used this information to reverse engineer the template that the spam emails were based upon. Once this template was known, 100% of further spam emails from that bot were successfully blocked while avoiding any false positives on one million genuine email messages in the test.
Leading anti-spam products in the market today claim up to 99% accuracy for spam detection and use sophisticated analysis techniques such as Bayesian filtering to reduce false positives. However, a large part of the fight against spam remains reactive.
Written by John P Mello Jr (gif.blog@nyms.net, http://twitter.com/jpmello) on January 29, 2010
About the author: John Mello is a freelance writer who has written about business and technical subjects for more than 25 years. He is a frequent contributor to the ECT News Network and his work has appeared in a number of periodicals, including Byte magazine, PC World, Computerworld, CIO magazine and the Boston Globe.

Compromised computers spew spam.
In judo, an attacker’s assets are turned into liabilities by a defender. The attacker’s attributes like weight and size are leveraged against the aggressor and used to neutralize him or her with a flip. A similar tactic to fight spam propagated by botnets has been developed by an octet of researchers.
The team from the International Computer Science Institute in Berkeley, Calif. and University of California in San Diego–Andreas Pitsillidis, Kirill Levchenko, Christian Kreibich, Chris Kanich, Geoffrey M. Voelker, Vern Paxson, Nicholas Weaver, and Stefan Savage–have developed a way to flip the software running a botnet so it assists spam fighters in blocking the cyber junk spewed by the malware.
Written by Sue Walsh on January 26, 2010
Experts say the Bredolab botnet is now linked to a spam engine called Webwail that has led to a huge spike in its activity.
The spam it’s pumping out is nothing new: fake notifications from UPS claiming a package could not be delivered and directing the recipient to open the attached file to print out an invoice needed to pick it up. The attachment contains a hidden exe file that downloads the Cutwail Trojan and Webwail.
Webwail is a sophisticated engine that has library updates, a scripting engine and the ability to crack CAPTCHAs in 30 seconds or less. The engine also reports errors back to its command server so changes can be made quickly. Currently it’s being directed to create Hotmail accounts.
CAPTCHA cracking is a hot business thanks to engines like Webwail. Botnet herders and spammers advertise for people willing to crack them for .60 to .80 per 1000 CAPTCHAs solved. Spammers want the free webmail accounts they can get by solving them so they can spam from an address not likely to be blocked by a spam filter.
Bredolab spent the holidays delivering the Zbot banking Trojan. Considered simplistic in the botnet world, Bredolab is little more than a “loader” that connects to a remote server, collects files, and executes them. Some experts think such loaders could be our next big threat.
Written by Sue Walsh on January 25, 2010
Canada’s distinguished history magazine, an institution for almost 100 years, was forced to change its name due to the issues it caused with spam filters. The magazine’s former name, The Beaver, refers to Canada’s beloved national symbol, but it’s also a rather crude sexual reference to a female’s lower region. The magazine’s unintended connotation got it blocked by most spam filters. The magazine’s publisher intends to use the Internet to increase the magazine’s loyal but aging subscriber base.
“There were some really unfortunate but practical reasons why The Beaver couldn’t be the universal brand,” said publisher Deborah Morrison. “That’s the factor why it was a deterrent — particularly amongst women and people under the age of 45. Unfortunately, sometimes words take on an identity that wasn’t intended in 1920, when it was all about the fur trade. People were literally writing us and saying, ‘We can’t get your e-newsletter because it’s being spam-filtered out, can you change the title of the heading?’”
The magazine, which was launched in 1920, at first covered only the booming fur trade in the country, but over the past decade or so has expanded to cover all aspects of Canadian history. Its first issue under the new name, Canada’s History, will go on sale in April.
Written by John P Mello Jr on January 21, 2010
A zero-day bug in Microsoft Internet Explorer was a key element in an attack on Google and other companies last week. The attack, designed to ransack the Gmail of some Chinese human-rights activists, managed to clip some of the Search King’s intellectual property in the process.
“In mid-December, we detected a highly sophisticated and targeted attack on our corporate infrastructure originating from China that resulted in the theft of intellectual property from Google,” Google said in a statement issued last week. “However, it soon became clear that what at first appeared to be solely a security incident–albeit a significant one–was something quite different.”
“As part of our investigation we have discovered that at least 20 other large companies from a wide range of businesses–including the Internet, finance, technology, media and chemical sectors–have been similarly targeted,” Google added.
The attack illustrates that even the Google elite can be duped by a social engineering ploy wrapped in an email message. According to security experts, the email messages used by the attackers were targeted at specific Google employees likely to have access to valuable proprietary information on their company’s servers. The messages were carefully disguised to look as if they originated with sources the employees would trust.
Since the messages appeared to come from a trusted source, the Googlites didn’t hesitate in clicking links in the electronic epistles. Once that was done, the story took a familiar turn. The links resulted in malware being downloaded to the employees’ computers. The malware exploited an unknown vulnerability in Internet Explorer and opened a back door on the compromised machines. The back door let the crackers snoop around the wounded computers and gain control over their operation, using them to identify meaty targets and bleed valuable data from them.
Written by Paul Cunningham on January 20, 2010
British ISPs have reacted strongly to the suggestion of Trend Micro CTO David Rand that the ISPs should actively combat the problem of spam on the internet.
Rand’s suggestions are blocking TCP port 25 (the port used for SMTP, or email, communications between servers on the internet), making contact with customers whom the ISPs suspect may be the source of spam outbreaks, and stronger government legislation.
The legislation idea has merit; after all, the lack of cooperation between government agencies is how many international spam operations manage to go unpunished. The blocking of SMTP, on the other hand, is impractical and costly to implement, both from a technical and a service perspective.
The basis of the idea is this. Customers send mail using SMTP, so blocking SMTP and requiring that customers send mail via the ISP’s mail servers allows close monitoring of email traffic and detection of spam.
The solution is problematic, though, because many ISP customers, both home users and businesses, have perfectly good reasons not to send their email via their ISP’s mail servers. These customers would need to be unblocked from using SMTP, and hence cannot be closely monitored.
The monitoring itself also presents two problems. Firstly, customers object to having their email correspondence inspected by other parties, including their ISP. Secondly, any false positives could have disastrous consequences if important emails were blocked. ISPs do not want the exposure to liability if they block an email that results in monetary loss for the sender or recipient.
Written by Sue Walsh on January 19, 2010
In a sickening but unfortunately not surprising move, spammers and scammers have quickly moved to exploit the tragic earthquake in Haiti. Security experts say spam messages claiming to be fundraising pleas have begun hitting the web. Some of the spams come with the subject line “Help The Children in Haiti-Donate Today” and claim to come from musician Wyclef Jean’s charity Yele Haiti. Others claim to be collecting money on behalf of the Red Cross, Unicef and Doctors Without Borders and urge the recipients to send money to an office in the Philippines via Western Union. Another campaign claims to be from the “Haitian Disaster Response Agency”.
In addition, at least 64 new websites have popped up since the earthquake, all with the word Haiti in them and with variations of words like quake, relief, and disaster. Experts say the amount of Haiti-related spam and scams is expected to rise. It’s an old technique. Spammers and scammers use the hot topics of the day to both poison search results and get people’s attention with their spam. Last year everything from the H1N1 crisis to Michael Jackson’s death was exploited.
To protect yourself and your company, don’t give to any charity that you aren’t familiar with, that asks you to send your donation via Western Union, or that sends fundraising pleas via spam. When searching for news and information on the disaster, stick to familiar websites. If your company would like to do more to help, contact charities such as the Red Cross, Doctors Without Borders, and Unicef directly and ask what they need.
If you want to help, you can text the word HAITI to 90999 to donate $10 to the Red Cross. All 4 major US cell providers have agreed to waive any messaging fees, and the donation will appear on your next phone bill.
Written by Giselle Borg Olivier (gborgolivier@gfi.com) on January 18, 2010
Get rid of spam once and for all this year with ExchangeServerPro.com and GFI Software. Head over to ExchangeServerPro.com where Paul Cunningham is holding a Spam Free 2010 contest in collaboration with GFI Software and giving away two license packs of GFI MailEssentials™.
Two people have the chance of winning either the first prize, a 50-user license pack, or the runner-up prize, a 25-user license pack.
For details on how to enter the competition, check out Paul’s blog post. The deadline for the contest is 31 January 2010, Australian EST.