Posted by Laureli Mallek
Thu, 31 Jul 2008 17:55:00 GMT
Websense and IBM released security reports this week covering topics from spam to research on the impact of publicizing software vulnerabilities.
In his Security Fix blog post, Brian Krebs continues his coverage of badware distribution, prompted by the release of the Websense report, which includes data from the 40 million websites scanned hourly to collect computer security data. According to the Websense report, three quarters of all web sites containing badware (malicious downloads) are legitimate sites that have been hacked, and 60 of the Top 100 most visited websites have at one point during the last year “either hosted malware or forwarded visitors to malicious sites.”
Krebs writes that spam is still a major conduit for disseminating links to dangerously hacked websites:
According to Websense, nearly 30 percent of those links lead to sites that try to plant software which steals passwords and other sensitive data from victims. The remainder of the spam links attempt to install software that lets attackers control the systems from afar, and/or install additional software without the owner’s knowledge.
Badware authors target legitimate sites, using the prior relationship of trust established between those websites and computer users to find holes in security systems. Users who are familiar with programs such as NoScript, which blocks JavaScript, Java, and Flash from executing without express permission of the user, will know that it is possible to allow scripts for specific trusted websites.
Network World’s Ellen Messmer discusses results from both of the reports. The IBM report tracked statistics relating to 3,534 disclosed software bugs. Messmer writes that “[a]ccording to IBM, 95% of all browser-related online exploits occurred within 24 hours of official vulnerability disclosure.”
On a more positive note, the IBM report finds that the incidence of image spam has been reduced, which has forced spammers for now to return to earlier methods. Yet spam and badware are driven by innovative badware writers, who work hard to stay ahead of security researchers. These reports highlight how important it is for computer users to be aware and use aggressive caution. Krebs recommends two excellent pointers to maintaining the sanctity of your computer:
- Disable automatic downloads.
- Browse the internet while using a User account that does not allow downloading or changing passwords or computer keys. This tip is applicable in any operating system, and protects users from absent-minded clicks that may lead to future infestation.
Posted in all | Tags badware, email, ibm, spam, vulnerability, websense
Posted by Laureli Mallek
Thu, 24 Jul 2008 21:18:00 GMT
Dancho Danchev has blogged repeatedly about the commercialization of badware producers, and this week he mentioned another example: outsourced email hacking. The hackers-for-hire promise that their seven-step process, from submitting the information of the would-be victim to proof of execution and exchange of money, will be cleaner and yield better results than other methods (phishing, viruses, etc.).
Danchev ponders:
Too good to be true, but since they only charge after they provide you with a proof that they did the job, they could be in fact attempting to hack these emails, compared to the majority of cases where scammers scam the scammers.
But how would you do business with people who make it their business to gain access without detection? Some email providers have stepped forward with more privacy features; for example, Gmail has added a details feature allowing users to view their account history, which logs time and IP addresses for recent access.
Another feature that I like: remote log-out, which should come in handy after logging into an account from a different machine, though it could become a hassle if your email is being controlled by a third party who decides to deny you access to your own email account.
Posted in all | Tags email, privacy, security
Posted by Laureli Mallek
Fri, 30 May 2008 18:58:00 GMT
Alex Eckelberry at Sunbelt noted a nifty phishing development: embedded forms. Phishers are spoofing forms from reputable sources (think PayPal, large banks, etc.). Considering the advances in phishing, such as correlating name, position, and email addresses for high-level corporate interests, these emails may look very convincing in the future.
There is some irony in the content of this phishing message, which warns users that their accounts may have been hijacked by a third party – aside from the tense, the sentence is honest. Eckelberry writes: “This makes things easier: No phishing site to have to maintain. No browser-based phishing filters to worry about.” And a bit more of a pain for users.
Remember to be skeptical in cases when “service providers” diverge from normal protocols. Checking with the service provider (though not by clicking on links contained in the email) can help you avoid phishing pitfalls.
Posted in all | Tags email, phishing
Posted by Erica George
Fri, 07 Sep 2007 20:53:00 GMT
You may have received an email over the past few days with a message about online privacy – a common subject line being “You are being watched online.” The messages urge the reader to download Tor, a distributed anonymity program popular as a tool to circumvent censorship. Unfortunately, the links in these messages don’t lead to the actual Tor download, but to a dangerous rogue application and pages that attempt to install badware on the user’s machine.
The real Tor website is located at tor.eff.org, and the real Tor software can be downloaded there. Legitimate copies of Tor are verifiable through instructions on the Tor website.
Rogue applications attempting to hijack the popularity of legitimate programs are unfortunately all too common. For example, many rogue applications purport to be anti-spyware tools but are in fact themselves damaging. It’s always a good idea to check out the reputation of any software you’re considering installing, and to verify that the version you’re considering comes from a reputable source. Similarly, be wary when following links in emails from sources you don’t know. An unsolicited link could lead to a page hosting drive-by badware downloads.
You can read more about the Tor spoof in BoingBoing and PC World.
Posted in all | Tags drivebydownload, email, rogue, scams, tor