
Botnetweb

A new digital age vocabulary word has just been coined: “botnetweb.”

You know what a botnet is: a collection of hijacked PCs under the control of a hacker (botmaster).

Link a bunch of botnets together and you get a botnetweb, a compilation of millions of PCs.

In a PC World article published yesterday, Ed Larkin writes:

Botnetwebs don’t just enable crooks to send spam or malware to millions of PCs at once. They also represent a highly resilient infection that uses multiple files. An attempt at disinfection might eliminate some files, but those left behind will often redownload the scrubbed ones.

Another new challenge to your security software suite, with some new twists. There’s evidence “of cooperation and coordination among major spam botnets, representing a sea change in the way malware works.” And botmasters now use multiple malware files, further reducing the chances that your anti-virus package will catch and erase the complete infection. You can’t assume that when your anti-virus reports that an infection has been removed, your PC is clean. Other malware, working as a kind of back-up, likely is still there.

One suggestion is to download and run several anti-malware tools. But that tactic brings its own perils.

The best answer is to have a service manage your security for you, and handle the maintenance, too, just like big corporations do. You’ll have highly trained experts managing your security software and keeping your PC clean and running at its best for a small monthly fee. It’s cheaper than the do-it-yourself method and it works better.

This kind of service isn’t just for companies anymore. It’s a brand new category of service for consumers and small business owners called “Personal Computer Services.” It allows you to turn over all the headaches of PC ownership to qualified experts for about $15 a month.

Markets Dive, Crooks Thrive

Recession is in the minds of people all over the globe, as market values tumble and panic sets in. But there is one group that won’t be participating in this recession: online criminals.

Organized crime now controls more computing power than any government on earth, through vast armies of zombie computers, all programmed by and under the command of these crime lords.

The ability to send out billions of scam emails is one example of this computing power.

In the current financial crisis failing banks are being acquired by larger, healthier institutions. Criminals were quick to see the opportunity, and have mounted new phishing scams related to these takeovers.

Here’s an alert that I received today from the company that protects my computer.

Phishing scams may appear as requests for users to verify personal and bank account information, enroll in additional bank services, or activate new security features. The email messages may contain a link that, when clicked, will take the user to a fraudulent web site that appears to be a legitimate bank web site. The users may be asked to provide personal information that can further expose them to future compromises. Additionally, these fraudulent web sites may contain malicious code giving complete control of your computer to hackers.

You may think that you’d never fall for one of these scams, and I hope you’re right. But these scam artists are very clever. An email will have the bank’s actual logo, the message may be well written and plausible, and include a link with the bank’s real name, but that link is fake and it will take you to a fake website.

Always remember, banks do not ask their customers for account numbers or other information. They already have it!

My security service provider is INVISUS Direct. Here’s what it recommends to keep safe from cyber-crime:

  1. Make sure your computer is updated and scanned regularly (as scheduled or done manually) with the INVISUS security suite.
  2. Ensure that your Windows desktop protection is current by going to Windows Update. Confirm that you have an updated antivirus software program running on your PC.

  3. Don’t click links or call telephone numbers included in suspect messages. Instead, contact the bank directly by using phone numbers or addresses listed in published directories.

  4. Don’t open e-mail attachments. In particular, e-mail attachments with “.scr,” “.com” and “.exe” file extensions are likely malicious.

New Online Cyber Crime Show

I took some time today to watch episode one of The Security Show: Cybercrime, hosted by Microsoft’s Kai Axford. Axford interviews an FBI spokesman, who remains off camera. It’s an interesting discussion, and one of the things you’ll learn if you watch it is that the feds are pretty worried about cyber crime. They lack the resources to investigate more than a small percentage of the crimes that come to their attention. So there are criteria. Among them is a minimum dollar loss that the victim must suffer.

A new law signed last week by President Bush seeks to make it easier for prosecutors to go after cybercrooks. The new law eliminates the minimum of $5000 loss set by the old law, but it covers only computers “used by or for the federal government or a financial institution.” No help here for consumers victimized through their own computers.

Most cyber crimes go unreported, much less solved.

Last week PC Magazine had an article titled, “The 10 Most Mysterious Cyber Crimes.” These are famous cases where a lot of law enforcement resources were engaged, but no criminal was ever caught. Part of the article’s subtitle reads, “These are 10 of the most infamous unsolved computer crimes (that we know about).”

The truth is that uncounted thousands of e-crimes are committed every day by sophisticated criminals using millions of zombie computers to do their jobs. The few arrests that are made are too often the unwitting “accomplice” in the crime: the innocent owner of the offending PC traced by law enforcement officers.

National Cyber Security Awareness Month

October, I learned this morning, is National Cyber Security Awareness Month.

So cyber criminals now have their own month. And why not. Criminal gangs now own a huge chunk of the Internet, simply by silently taking control of millions of PCs owned by individuals and small businesses. So they deserve a little special recognition.

Never in history have a few bad guys been able to invade mass populations, occupy private homes, and rarely be noticed by their victims.

The bad guys use an ever-growing set of tools to infect computers and turn them into “bots.” They deploy vast armies of these Web robots to deliver spam (either for themselves or for paying spammer clients), distribute pornography, shut down target websites with denial-of-service attacks, and steal personal information for sale to identity thieves.

The cyber crooks are also the most successful criminals in history. They rake in more cash than the drug lords, and rarely get caught. They don’t get shot at much either. It’s a nice, safe, lucrative business.

Is your PC a captive of a criminal gang? Only an expert can tell. The security software that came with your machine, or that you bought at a store or downloaded on the Internet won’t find the malicious software placed there by a bot-herding criminal.

Graham Cluley

I’d like to introduce Graham Cluley, one of the world’s leading experts in viruses and spam, and Senior Technology Consultant at Sophos Labs. Sophos is a leader in security technology, whose customer list includes many of the world’s largest corporations, financial institutions, universities, and government agencies.

Cluley recently started a wonderful blog on security, written primarily for a business audience, but in layman’s language that’s easy to understand. He writes on everything “From anti-flappertanknibbles to zombies,” as his tag line proclaims.

In his post today, Graham warns about the newest fake anti-virus product, which pretends to be a “Free Norton Anti-virus 08.”

Downloading almost anything these days is risky. But downloading free anti-spyware or anti-virus software is downright dangerous. The technologies of security are so complex, so costly to keep updated, that it is just not possible to provide a reliable or effective AV or Anti-Spyware package at no cost. Not all of these offers are from crooks, of course. But keep in mind that today’s malware authors are employed by well funded criminal organizations. Keeping up with them takes large staffs of experts, and that takes money.

“Free” security software just isn’t free.

Sophos security software is not sold in stores or on the Internet. You have to have your own IT staff to qualify to buy it.

The good news is, you can now have the protection of Sophos software and your own team of experts to keep you safe and keep your computer running like new. It’s Personal Computer Service available by subscription from INVISUS® Direct, a Utah-based direct marketing company. In the interest of full disclosure, I’ve been an Associate of the company for almost 4 years.

Cybergangs Mimic Mafia

Web security company Finjan released a report today in which it shows how cybercrime has evolved into a “well-structured business model.” It even calls cybergangs “companies,” and makes convincing comparisons with La Cosa Nostra.

Emil Protalinski at Ars Technica published a fascinating article today on the Finjan study titled Report: cybercrime groups starting to operate like the Mafia. I recommend reading the full article, but these two paragraphs grabbed me:

Cybercrime companies that work much like real-world companies are starting to appear and are steadily growing, thanks to the profits they turn. Forget individual hackers or groups of hackers with common goals. Hierarchical cybercrime organizations where each cybercriminal has his or her own role and reward system is what you and your company should be worried about. Targeted attacks against financial institutions, enterprises, and governmental agencies, coupled with excellent management of stolen data, makes these “businesses” highly successful, and makes any organization using the Internet vulnerable.

Finjan describes the employee structure that these cybercrime companies employ as being similar to the Mafia. In both cases, there is a “boss” who operates as a business entrepreneur and doesn’t commit the (cyber)crimes himself, with an “underboss” who manages the operation, sometimes providing the tools needed for attacks. In the Mafia, several “capos” operate beneath the underboss as lieutenants leading their own section of the operation with their own soldiers, and in cybercrime, “campaign managers” lead their own attacks to steal data with their “affiliation networks.” The stolen data are sold by “resellers,” similar to the Mafia’s “associates.”

Mr. Protalinski includes this chart from the full 21-page Web Security Trends Report showing the hierarchy of the digital mob, titled “Bosses, underbosses, and capos.”

Cybercriminals organization chart

Looks just like a company organization chart, doesn’t it? And that’s just what it is: a cybercrime company. Compare it with this Mafia organization chart.

How likely is it that you personally will be touched by the greatest crime wave in history? Well, there’s a good chance that your personal information is already for sale. You have something criminals want. You may not have much money, but you do have an identity and a social security number. The odds are about 1 in 4 that you or someone close to you will be a victim this year. Are you OK with that?

Iran War Report a Hoax to Invade Your PC

Hackers are using a phony news report to trick people into going to a malicious web page that displays what appears to be a video player showing the mushroom cloud of a nuclear explosion. The text under the picture reads,

"Just now US Army's Delta Force and US Air Force have invaded Iran. Approximately 20000 soldiers crossed the border into Iran and broke down the Iran's Army resistance. The video made by US soldier was made today morning. Click on the video to see the first minutes of the beginning of World War III. God save us".

Click on the ‘video player’ and you run the risk of being infected by a Trojan horse, designed to compromise your computer.

The fake news story is headlined in spam emails with subject lines like “US Invades Iran,” “Third World War Has Begun,” and “20000 US Soldiers in Iran.”

“Hackers are taking advantage of the fact that many people today get their fix for breaking news via the internet. People, especially those with loved ones in the Middle East, may rush to watch the video without engaging their common sense,” said Graham Cluley, senior technology consultant at security and control firm Sophos in a news release about the scam.

The Sophos report also noted that this is not the first time that news about rising tensions between Iran and the West has been exploited by hackers. In 2005, a widespread spam campaign pretended to be a link to news about the controversial decision by Iran to continue work at a nuclear plant, but was really an attempt to infect users with a Trojan horse. The year before, the Cycle worm dropped a message complaining that European governments were supporting the regime in Tehran, because of the war in neighboring Iraq.

The Internet Dodges a Bullet

Today, thanks to the collaboration of a number of industry giants, the Internet dodged a bullet aimed right at its heart, DNS, the system that directs all Internet traffic.

DNS (for Domain Name System) is the foundation of the Internet, the system that routes your request to download websites to your computer, similar to the system that routes your phone calls to the numbers you dial. Had criminals found the flaw that made DNS vulnerable, hackers could have taken over the entire Internet, directing all traffic to their own phony websites.

A number of major software and hardware makers, among them Microsoft, Sun, and Cisco, worked in secret for months to develop the patch that was released today. Complete stories here and here.

Happy birthday, America

Today, we Americans celebrate Independence Day…our 232nd birthday. It’s a day of parades, family get-togethers, barbecues, and fireworks. A day for relaxing and fun. A day for reflecting on the wonder of the American experiment.

Cyber-crooks will be launching some fireworks of their own, flooding cyberspace with millions of booby-trapped e-greeting cards. Experts are expecting a new round of Storm worm infections, and other bits of malware designed to turn your computer into a bot. A bot, or Zombie, hijacks your PC and puts it under the complete control of the bot master.

So, make it a safe Fourth of July. Be careful with fireworks. And don’t open any e-greeting cards. Not even from your mother.

What’s wrong with credit monitoring?

Good question. There’s really nothing wrong with credit monitoring. In fact, you should monitor activity on your credit records. You can do that fairly easily for free. Or you can pay one of those companies that tell you that you can prevent having your identity stolen by putting yourself in their hands.

That cute guy in the crab shack singing the catchy jingle about how he shoulda called Free Credit Report Dot Com and he wouldn’t be waiting tables.

Todd Davis, the Life Lock founder who says he’s so confident in the service that he broadcasts his own Social Security number. Great gimmick. What he doesn’t advertise is that he pays a different company to clean up the mess every time his SS# is used by a fraudster. Lawsuits against Life Lock are little noticed, but the company is catching a steady stream of legal flak.

And a flock of others selling the idea that all you have to do to protect your identity is watch your credit. Put a freeze on it. Add a fraud alert. Not true.

The problem is that credit monitoring is not identity protection.

It’s not about your credit, it’s about your identity.

The plain truth is that just 33 percent of all identity theft cases are related to credit or credit fraud. The rest–the 67% majority of all identity theft crime–comes from other sources of personal information, as I pointed out in my last post.

Identity theft is too serious a threat, too severe a crime, too traumatic an experience, to take chances on weak measures or a partial solution. Make sure the identity protection service you select meets these five criteria:

  1. Protects your whole identity, not just your credit.
  2. Protects your entire family, including children, who are prize targets because it usually takes years for the crime to be discovered.
  3. Monitors your whole identity, watching out for all forms of identity theft, including credit fraud. That means scanning thousands of databases constantly, watching for any appearance of your name and social security number.
  4. Provides comprehensive recovery in the event your identity is stolen. Comprehensive means having trained professionals handle every detail of the recovery process for you until pre-theft status is achieved.
  5. Covers children up to age 25 (so college students are protected). You should be covered even if the crime is committed by a family member.

I know of only one product that meets all five, and more. It’s called iDefend, and it’s not advertised on radio or TV. The company says that would produce too much growth too fast, and quality would suffer. As it is, thousands of new customers are subscribing to iDefend every month. You can find out more about it here. (Full disclosure: I was so impressed with the company that I joined its partner program.)