Tag Archive for SPAM

| October 2, 2014
Comments Off on Superman Most Dangerous on Web

Superman Most Dangerous on Web

Superman Most Dangerous on WebSuperheroes are supposed to be our friends but sometimes a plot twist allows their arch-enemies to trick our heroes turn against us. This is also true on the intertubes. Attackers are using our superheroes to infect computers to scam people into visiting compromised sites and downloading dangerous software according to Santa Clara, California-based McAfee.

The security company scoured the web and identified the most dangerous superheroes online. The report, “Most Toxic Superhero 2014” estimates how likely the average user is to come across malware by searching for the name of any given superhero.

McAfee lined up 11 likely suspects. They gathered viable threat evidence from popular search engines like Google (GOOG), Yahoo (YHOO), and Microsoft (MSFT) Bing for spyware, adware, spam, phishing, viruses, and other malware. The company also searched each superhero’s name in conjunction with common phrases like “free torrent download” and “free app,” as seeding fake torrents is a common way for attackers to infect computers.

The most dangerous superheroes online by percent of his search traffic leading to unsafe sites are:

  1. Superman 16.5%
  2. Thor 16.35%
  3. Wonder Woman 15.7% (tied)
  4. Aquaman 15.7% (tied)
  5. X-Man Wolverine 15.1%
  6. Batman 14.2%
  7. Black Widow 13.85%
  8. Captain America  13.5%
  9. Green Lantern 11.25%
  10. Ghost Rider 10.83%

McAfee tells citizen do-gooders to protect themselves by:

  • Beware of clicking on third-party links. You should access content directly from the official websites of content providers.
  • Ensure you use web protection that will let you know of risky sites or links before you visit them. Stick to official news sites for breaking news.
  • Don’t download videos from suspect sites. This should be common sense, but it bears repeating: don’t download anything from a website you don’t trust — especially video. Most news clips you’d want to see can easily be found on official video sites and don’t require you to download anything.
  • “Free downloads” are by far the highest virus-prone search term. Anyone searching for videos or files to download should be careful not to unleash unsafe content such as malware onto their computers.
  • Always use password protection on your phone and other mobile devices. If you don’t and your phone is lost or stolen, anyone who picks up the device could have access to your personal information online.
  • Don’t “log in” or provide other information: If anything asks for your information—credit card, email, home address, Facebook login, or other information—to grant access to an exclusive story, don’t give it out. Such requests are a common tactic for phishing that could lead to identity theft.
  • Search online using an Internet security program in the background. These tools protect users from malicious websites and browser exploits. A complimentary version of McAfee’s SiteAdvisor software can be downloaded at www.siteadvisor.com

rb-

Whether you live in Metropolis or Gotham, do-gooders need not work very hard to avoid these scams. Avoid dark alleys where superhero websites tend to have the same flaws as any other unsafe page. Keep an eye out for typos and files that look suspicious. Run an Internet security program in the background (your antivirus or anti-malware program probably has one built-in). Lastly, check what other commenters say before downloading a torrent.

Related articles
  • Mobile malware: Past and current rends, prevention strategies (cloudentr.com)

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , ,
| August 16, 2013
Comments Off on Bach Seat Changes

Bach Seat Changes

Bach Seat Changes

Due to some recent problems with Bach Seat, I have deleted all subscribers and turned off subscriber’s rights to post. You can still follow me with the RSS feeds options on the sidebar over there ->

You will have to be a registered user to post here.

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , ,
| September 22, 2012
Comments Off on SmartPhone Zombie Apocalypse

SmartPhone Zombie Apocalypse

SmartPhone Zombie ApocalypseIf you have a smartphone, online criminals may soon have your number. Smartphone malware is getting increasingly sophisticated, and MIT‘s Technology Review reports that a security researcher has created software that turns a smartphone into a “zombie” that can be controlled remotely. The blog says Georgia Weidman created the program, which controls a Google (GOOG) Android phone via short message service (SMS) to bring about a smartphone zombie apocalypse.

malicious software on mobile phonesOnce only theoretical, real-world cell-phone viruses are becoming more common. The article reports the most famous was a scam in Russia that tricked users into installing malicious software on Android phones and using the SMS functionality to send messages to a number that charged a premium fee. In late 2010, a Chinese virus for Android devices stole personal data according to the article.

Botnets have become a staple of Internet crime. They can be used to attack other systems, host attack tools, send spam, or just steal data. The blog says this type of attack has been rare with mobile devices, but that seems to be changing. “We have been taking down Internet botnets for years now, but there is not as much understanding [of telecom networking],” Ms. Weidman says. “I definitely see criminals going more and more toward using the telco’s network.”

zombie nodes of a botnetTR explains that Ms. Weidman’s program is one of the first known to turn smartphones into zombie nodes of a botnet. Her attack works like this: After infecting a phone with a rootkit, she uses that phone to send spam text messages, takes part in a denial-of-service, or degrade the communications of the phone—all without the user knowing. The techniques apply to any smartphone, Weidman says.

Today’s smartphones have multiple layers of defense. For one, they can block malicious applications. They also have managed channels, such as the Apple (AAPL) App Store and Google’s Android Marketplace, for applications.

botnet controlAs a result, Weidman says, infecting a smartphone is not easy. “The hurdle with any malware is infecting the phone,” she told Technology Review, noting that the methods used by cybercriminals usually do not work. “More of what you see of malware is people downloading applications for their phone that are infected,” she says.

The problem of cyber-criminals targeting consumers’ phones will only get worse Kevin Mahaffey, chief technology officer of mobile-security startup Lookout told the author. Because the control of phones is so easy to turn into cash via premium text messages, criminals will be drawn to attack the devices.

Lookout logo“I always tend to look at the economics of the problem to ask myself whether it will continue in the future,” the CTO explained. “And because there is an incentive for attackers to compromise mobile phones, and the cost of compromising is not that high, that says it will become more prevalent in the future.”

Using the telecommunications network, rather than the Internet, for botnet control allows attackers to hide their actions from users. When the attacker does it using malicious software, the user has little chance of detecting it, says Weidman.

smartphone botnet zombie“When I infected a phone in my botnet—my lab botnet—with malware, the smartphone would receive a message through SMS and I would check to see if it has botnet instructions in it,” she says. “If it does, it would perform the functionality requests, and then it would swallow the message, so the user does not know that there was a message at all.”

While phones do not have the computing power of more traditional computers, they are hefty enough to handle many of the tasks that cyber-criminals desire, she says. She adds that the sheer number of smartphones means that any botnet could be “a real threat” to create a smartphone zombie apocalypse.

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , , ,
| February 28, 2012
Comments Off on Romney Defeats Gingrich in US SPAM Primaries

Romney Defeats Gingrich in US SPAM Primaries

Romney Defeats Gingrich in US Spam PrimariesJust in time to get rid of all the annoying political ads on TV and radio leading up to the Michigan primary, GOP presidential wannabe Mitt Romney has been crowned King of political spam. His high-profile run as the leader for the 2012 nomination for the US presidential election has made him popular with spammers.

Mitt Romney is also the favorite politician of spammers. He is used to tout knockoff drugs and dubious bargains in junk e-mail according to a Bitdefender analysis of 8 million unsolicited messages spread in January.

Mitt RomneyRomney is mentioned in 45% of SPAM messages that reference US politics, ahead of second-placed Republican Newt Gingrich, who scored 33%. Romney’s name was most often used in scam messages that advertise low-interest loans or free credit score analysis while Gingrich was mentioned in junk mail promoting miraculous energy-saving devices that almost certainly don’t exist. The article says most of these offerings actually redirect the unwary user to survey site scams or knockoff drugs for sexual dysfunctions.

U.S. Republican hopeful Ron Paul came third in the BitDefender spammers’ list, with 12.2%. The most popular politician outside the Republican race that caught the spammers’ attention this year was Bill Clinton, with 4%.

BitDefender logoWinning Most-Mentioned Politician in Bitdefender’s spam survey is probably not an honor that many politicians want,” said Bitdefender E-Threats Analyst Bogdan Botezatu, who coordinated the spam study. “And I don’t think we’ll see spammers suddenly turning into political pundits. But the results could tell us which politicians spammers think are most likely to get a reaction from random e-mail readers. Spammers are, ultimately, after money and they’re essentially making a bet on popularity when they favor one politician’s name over another.”

The author says spam messages often use names of celebrities or politicians in fragments of news items in trying to give credibility to the message and to trick anti-spam filters that look for the percentage of links versus other words in the message.

Republican partyIn the BitDefender overall analysis of spam not filtered to include only political references – the Republican politicians were handily beat by celebrities including Jay Leno, Eva Longoria, Kobe Bryant, and even political commentator Rush Limbaugh.

rb-
I wrote about spammers hijacking celebrities ‘ identities to spread spam. In the past, Jay Leno and Heidi Klum have been called the most dangerous celebs on the web.

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , ,
| February 23, 2012
One comment

McAfee Labs 2012 Threat Predictions

McAfee Labs 2012 Threat PredictionsComputer security company McAfee unveiled its Threat Predictions report (PDF), outlining the top cybersecurity threats organizations and individuals are likely to face in 2012. McAfee, a wholly-owned subsidiary of Intel (INTC), says that for the most part, 2012 looks like it will look like 2011 only worse, with many of the recent threats gaining momentum. Here are the predictions:

Industrial Attacks:Industrial Attacks: Cyber-criminals will target Water, electricity, oil, and gas utilities. These are essential services to everyday lives, yet many industrial systems are not ready for cyber-attacks according to McAfee. Many of the environments where SCADA (supervisory control and data acquisition) systems are deployed don’t have stringent security practices. McAfee predicts attackers will leverage this lack of preparedness with greater frequency, if only for blackmail or extortion in 2012.

Legalized Spam: McAfee Labs says global spam volumes have declined in the past two years. However, legitimate advertisers are picking up where the spammers left off using the same spamming techniques, such as purchasing third-party email lists or databases from companies going out of business. McAfee Labs expects to see this “legal” spam and the technique known as “snowshoe spamming” continue to grow at a faster rate than illegal phishing and confidence scams.

Mobile ThreatsMobile Threats: 2011 has seen the largest levels in mobile malware history, McAfee Labs expects that continue in 2012. They expect mobile attackers to improve on their skill set and move toward mobile banking attacks. Techniques previously dedicated for online banking, such as stealing from victims while they are still logged on while making it seem that transactions are coming from the legitimate user, will now target mobile banking users. McAfee Labs expects attackers will bypass PCs and go straight after mobile banking apps, as more and more users handle their finances on mobile devices.

Embedded Hardware: Embedded systems are designed for a specific control function within a larger system, and are commonly used in automotive, medical devices, GPS devices, routers, digital cameras, and printers. McAfee Labs expects to see proofs-of-concept codes exploiting embedded systems to become more effective in 2012 and beyond. This will require malware that attacks at the hardware layer and will enable attacks to gain greater control and keep up long-term access to the system and its data. Sophisticated hackers will then have complete control over hardware.

countries prove their cyber war capabilitiesCyberwar: Countries are vulnerable due to massive dependence on computer systems and a cyber-defense that primarily defends only government and military networks. Many countries realize the crippling potential of cyber attacks against critical infrastructures, such as water, gas, and power, and how difficult it is to defend against them. McAfee Labs expects to see countries prove their cyberwar capabilities in 2012, to send a message.

Rogue Certificates: Organizations and individuals tend to trust digitally signed certificates, however, recent threats such as Stuxnet and Duqu used rogue certificates to evade detection. McAfee Labs expects to see the production and circulation of fake rogue certificates increase in 2012. Wide-scale targeting of certificate authorities and the broader use of fraudulent digital certificates will affect key infrastructure, secure browsing and transactions as well as host-based technologies such as whitelisting and application control.

Legislative IssuesLegislative Issues: DNSSEC (Domain Name System Security Extensions) is designed to protect a client computer from inadvertently communicating with a host as a result of a man-in-the-middle attack. Governing bodies around the globe are taking a greater interest in establishing “rules of the road” for Internet traffic, and McAfee Labs expects to see more and more instances where legislative issues hamper future solutions.

Hacktivism: McAfee Labs predicts that in 2012 digital disruptions like Anonymous will join forces with physical demonstrators and will target public figures such as politicians, industry leaders, judges, and law enforcement, more than ever before.

Virtual CurrencyVirtual Currency: McAfee Labs expects cryptocurrency will be an attractive target for cybercriminals.  to see threats evolve to steal money from unsuspecting victims or to spread malware.

Hardware Attacks: McAfee Labs expects to see more effort put into hardware and firmware exploits to create persistent malware in network cards, hard drives, and even system BIOS (Basic Input Output System). and their related real-world attacks through 2012.

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , , , ,
« Older Entries   Recent Entries »