A US judge approved the firm's request to shut down 277 internet domains, which it said were used to "command and control" the so-called Waledac botnet. A botnet is a network of infected computers under the control of hackers. The firm said that closing the domains would mean that up to 90,000 PCs would stop receiving orders to send out spam.
A recent study by the firm found that between 3-21 December "approximately 651 million spam e-mails attributable to Waledac were directed to Hotmail accounts alone". It said it was one of the 10 largest botnets in the US.
Machines in a botnet have usually been infected by a computer virus or worm. Typically, users do not know their machine has been hijacked. Microsoft said that although it had successfully shut down the network, thousands of computers would still be infected with malware and advised people to run anti-virus software.
The court order was part of what was called "Operation b49". Microsoft said it was the result of months of analysis and described it as a legal first. "This action has quickly and effectively cut off traffic to Waledac at the .com or domain registry level, severing the connection between the command and control centres of the botnet and most of its thousands of zombie computers around the world."

Labels: Botnet, spam email, Spam messages
Posted on Thursday, February 18, 2010
Websense Security Labs has published its semiannual State of Internet Security report and, as usual, it makes for pretty interesting if somewhat scary reading.
Covering the last six months of 2009, the report is based upon the findings of the ThreatSeeker Network, which is used to identify, classify and monitor global Internet threats and trends courtesy of something called the Internet HoneyGrid. This consists of honeyclients and honeypots, reputation systems and advanced grid computing systems, all of which combine to parse through one billion pieces of content every day while searching for security threats. Every single hour the Internet HoneyGrid scans some 40 million websites for malicious code as well as 10 million emails for unwanted content and malicious code. So what did the HoneyGrid reveal about the Internet security threatscape for Q3/Q4 2009?
Here are the key answers:
- 13.7% of searches for trending news/buzz words (as defined by Yahoo Buzz & Google Trends) led to malware.
- The second half of 2009 revealed a 3.3% decline in the growth of malicious Web sites compared to the first half of the year. Websense Security Labs believes this is due to the increased focus on Web 2.0 properties with higher traffic and multiple pages.
- However, comparing the second half of 2009 with the same period in 2008, Websense Security Labs saw an average of 225% growth in malicious Web sites.
- 71% of Web sites with malicious code are legitimate sites that have been compromised.
- 95% of user-generated posts on Web sites are unsolicited or malicious.
- Consistent with last year, 51% of malware still connects to host Web sites registered in the United States.
- China is the second most popular malware hosting country with 17%, but during the last six months Spain jumped into third place with 15.7% despite never having been in the top 5 countries before.
- 81% of emails during the second half of the year contained a malicious link.
- Websense Security Labs identified that 85.8% of all emails were spam.
Posted on Thursday, February 11, 2010
Sophos, an Internet security company, states that cyber criminals stepped up their attacks at an alarming rate during 2009, leaving users of Twitter and Facebook susceptible to malware, spam and identity theft.
In a poll of 500 company participants, Sophos found that malware and spam attacks through social networking websites leaped 70% during 2009. According to the report, over 50% of survey respondents had been targeted by spam and 36% reported being attacked by malware, both through social-networking websites.
The reason for such a high increase was that people were using social networks for longer periods and sharing their valuable and confidential private information with other visitors. This paved the way for hackers to sniff such data to make money, as reported by The Hindu on February 2, 2010.
Furthermore, the report finds that 72% of the responding companies are worried about employees' surfing habits on social-networking websites that can cause danger to their businesses by putting corporate data and infrastructure at risk.
Asked which social-networking website in their judgment posed the greatest online risk, 60% of them mentioned Facebook, 18% MySpace, 17% Twitter and 4% LinkedIn.
They further contended that although attacks via social networks were considerably fewer than malware and spam attacks executed through e-mail, the volume of social networking attacks during January-December 2009 was high enough to cause worry, as reported by V3 on February 2, 2010.
They also added that while people were scanning their e-mails for Trojans and spam, social-networking websites served as another medium for attacking businesses. Finally, the conclusion was that users tended to click on web links in the belief that they had come from someone they knew on the social network.
According to security researchers, the social-networking websites are improving their detection and blocking systems. They still believe that these websites and their countless members should take additional action to defend themselves against well-organized cyber-crime as well as against the danger of falling victim to malware attacks, scams and identity theft.
Labels: spam email
Posted on Wednesday, February 10, 2010
The scheme appears to have begun Thursday with the creation of bogus Twitter accounts, which the scammers used to "follow" other users, says Rik Ferguson, a senior security advisor at security-software maker Trend Micro. If these users checked out the profiles of their new followers and clicked on the Web addresses there, they were redirected to a fake Twitter site where they were prompted to hand over their passwords. In a smooth move, the site's address was tvviter.com (notice the double "v" and single "t"), likely an effort to reassure anyone who glanced at the address bar.
To increase the odds of this all happening, the bogus twitterers were usually "hot women," Mr. Ferguson says. "It's always preying on blokes being stupid, which is about right."
From there, the marks were passed back to the real Twitter and provided some additional new, hot followers. If they visited those followers' profiles and clicked on the Web links there, they were off to see some fairly X-rated "dating" sites. Mr. Ferguson suspects the scammers were earning money from the dating sites for each click from these potential customers.
The phishers also launched another phishing effort. From the accounts they compromised, they tweeted messages cheerfully telling followers "there is this funny blog going around" and offering a shortened URL that led, once again, to a fake Twitter page encouraging people to type in their passwords. Within a few hours, thankfully, Twitter cleaned up all these messages about the funny blog and reset those people's passwords.
But there was still the matter of people who went to read the "funny blog" and gave away their passwords. Twitter didn’t know who this third group of victims were. Well, that mystery may have been solved on Sunday, when hacked accounts were used to tweet large amounts of spam pushing $5 acai berry diet supplements. (Those were soon followed by apologetic tweets from the owners of said accounts.)
Here are some tips on how to avoid getting caught up in these kinds of phishing scams:
- Be careful what you click on. It may be part of a phishing ploy and, worse, it could be malicious.
- Before entering your login name and password in a Web site, check the address bar carefully to make sure you’re on the site you think you're on.
- Be especially wary of shortened URLs, which could obfuscate a bad site. To check where they lead, visit longurl or install one of its Firefox plug-ins, which let you hover over a shortened link and see the true destination before you click.
- Change your password immediately. And if you have used that password for other sites, change those too.
- Protect your friends by deleting phishing or spam messages from your Twitter feed, Facebook Wall or wherever they were posted or by warning them not to click on URLs in a scam email seemingly from you.
- Run an antivirus scanner, especially if you have a Windows PC. There are many free ones, including from Symantec and Microsoft.
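The address-bar check from the tips above can be automated for a short list of login domains. This added example (not part of the original article) flags look-alikes such as the tvviter.com address described earlier; the protected-domain list, the look-alike table and the other sample URLs are constructed assumptions.

```python
from urllib.parse import urlsplit

# Domains whose login pages we want to protect (assumed list; extend as needed).
PROTECTED = {"twitter.com", "facebook.com"}

# Character sequences that read alike at a glance (constructed, not exhaustive).
CONFUSABLES = [("vv", "w"), ("rn", "m"), ("0", "o"), ("1", "l")]


def skeleton(name: str) -> str:
    """Collapse look-alike sequences so 'tvviter' is compared as 'twiter'."""
    for fake, real in CONFUSABLES:
        name = name.replace(fake, real)
    return name


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registered_domain(url: str) -> str:
    """Last two labels of the host; adequate for .com-style names (assumption)."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return ".".join(host.split(".")[-2:])


def check_login_url(url: str, max_distance: int = 1) -> str:
    """Return 'trusted', 'lookalike of <domain>' or 'unknown' for a URL."""
    domain = registered_domain(url)
    if domain in PROTECTED:
        return "trusted"
    for brand in sorted(PROTECTED):
        if edit_distance(skeleton(domain), skeleton(brand)) <= max_distance:
            return f"lookalike of {brand}"
    return "unknown"


if __name__ == "__main__":
    for sample in ("http://tvviter.com/login", "https://twitter.com/session"):
        print(sample, "->", check_login_url(sample))
```

A shortened URL has to be expanded to its final destination before this check is meaningful, since the shortener's own domain says nothing about where the link leads.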
Labels: ATM Scam, email spam, Nigerian Spam, spam news
Posted on Friday, June 19, 2009
Verizon filed suit against Pennsylvania-based Money Warehouse, Inc., known as All State Mortgage Lender, and other unnamed companies for allegedly sending 800,000 spam text messages to Verizon Wireless customers and employees beginning in February 2009.
Verizon filed suit in U.S. District Court in Trenton, N.J., accusing the companies of violating the Federal Telephone Consumer Protection Act, which bans the use of an auto-dialer to contact wireless customers.
"At a time when many Americans are concerned about making their mortgage payments, these types of unwanted text messages, from unknown senders, can be upsetting," Steven E. Zipperstein, vice president and general counsel at Verizon Wireless, said in a statement. "Our company will continue to work diligently to stop these people who break the law and harass our customers."
Late last month, Verizon reached a $50,000 settlement with St. Louis-based National Auto Warranty Services and Florida-based Explicit Media for making illegal telemarketing calls promoting car warranties.
SOURCE : http://www.pcmag.com/article2/0,2817,2346542,00.asp
Labels: 419 scam, 419 Scam fraud, email scam, lottery scam, Nigerian Scam, scam, spam, spam news
Posted on Wednesday, June 17, 2009
Spamming is an easy way for hackers to generate money - however, in order to do so, hackers must avoid the anti-spam programs on computers by first "phishing." According to Microsoft.com, "Often phishing scams rely on placing links in e-mail messages, on Web sites, or in instant messages that seem to come from a service that you trust, like your bank, credit card company, or social networking site." After phishing, the hacker gains access to a legitimate account to start sending thousands of messages.
"The best way to spam is to use a legitimate e-mail account in an established organization - like Lawrence," said Armstrong. "Essentially, someone, usually pretending to be from the IT department, asks for the recipient to send them their username and password. Once they have this information, the 'bad guys' use it to take over the compromised e-mail account, and then they send thousands of spam messages."
According to Armstrong, the phishing attempts were targeted at the entire Lawrence community. However, only users who respond to the e-mails end up with compromised email accounts. In addition to compromising e-mail accounts, the spam slows the Lawrence network, wastes ITS staff resources and slows down the delivery of e-mail messages.
Although phishing has been a problem in the Lawrence network in the past several years, the recent amount of it is higher than normal. However, Armstrong noted that none of the phishing or spamming attempts have come from inside campus.
An email from ITS warned students to be wary of opening messages and sending personal information in an e-mail. If students have any doubts about the authenticity of an email, they should forward it to ITS or delete it. If a student has opened and replied to one of these messages, he or she should change his or her password and notify ITS immediately.
"The most important thing is to not give your username and password to anyone - especially not in an e-mail message," Armstrong said.
SOURCE : http://media.www.lawrentian.com/media/storage/paper409/news/2009/05/22/News/Students.Receive.Spam.EMail-3743135.shtml
Labels: 419 Scam fraud, email scam, Nigerian Scam, Nigerian Spam, spam news
Posted on Monday, June 15, 2009

Increasing Botnet Network Pushing Researchers to Take Offensive Approach
Rodel Mendrez, threat analyst with M86 Security, said in a blog posted January 7 that when the botnet was shut down, the researchers were not sure about the actual size of the Lethic botnet, according to news published by securecomputing.net.au in January 2010. But since the botnet is at present responsible for nearly 8-10% of the spam in the firm's trap, M86 considers it a sizeable botnet.
He added that the majority of the command and control (C&C) servers of this botnet are hosted by a Chicago-based ISP. M86 Security also estimated that after Rustock (32.8%), Mega-D (21.6%) and Bobax (12.1%), Lethic was the fourth most common botnet. The Bagle 2 botnet was responsible for only around 1.9% of spam distributed.
Paul Wood, MessageLabs Intelligence senior analyst at Symantec, also gave his views on Lethic's development and activity. He said that this botnet has been under observation by Symantec Hosted Services since December 31, 2009. The botnet was responsible for 2.5% of total spam volume during the month, reported SC Magazine on January 11, 2010.
Apart from the shutdown of the Lethic botnet, FireEye's security experts helped in taking down the MegaD botnet in November 2009. In May 2009, researchers from the University of California at Santa Barbara (USA) revealed how they had adopted an offensive approach by infiltrating the Torpig botnet. This was a very bold and notorious step taken by the researchers, which gave rise to debate as to what lengths researchers must go to in order to shut down a botnet.
The shutdown of the Lethic botnet clearly shows the increasing extent to which botnet chasers are going on the offensive to stop cyber crooks, primarily by damaging their precious bot infrastructures.
Labels: Botnet network, Lethic Spamming botnet
Posted on Monday, February 15, 2010