Posts tagged as:

email threats

2 arrested for links to the Zeus Trojan

by Tim Sullivan on November 19, 2009

A couple of 20-year-olds were arrested by the Metropolitan Police Service of Manchester for violating the 1990 Computer Misuse Act and the 2006 Fraud Act. They had configured the Zeus Trojan, a.k.a. Zbot, to steal victims’ bank account information, passwords, credit card numbers and other information.

Arrests “a breakthrough”
“The Zeus Trojan is a piece of malware used increasingly by criminals to obtain huge quantities of sensitive information from thousands of compromised computers around the world,” said Detective Inspector Colin Wetherill of the Metropolitan Police’s Central e-Crime Unit (PCeU), in a statement. “The arrests represent a considerable breakthrough in our increasing efforts to combat online criminality.”

Zeus widely available
The Zeus crimeware toolkit is widely available in the cyber-underworld for free or for purchase. It’s delivered to unsuspecting users via spam. It’s been reported that it’s easy to use and a powerful tool for stealing personal data from remote systems. It was initially linked to a group of online criminals known as “Rock Phish” that targeted financial institutions all over the globe. It has been reported that Facebook and MySpace users have been targeted in a recent spam campaign.

About Mailprotector
Mailprotector’s services protect your personal information from these types of Trojans. Our systems protect your Exchange server, or any mail server, from spam, viruses, Trojans, phishing attacks, and other email-borne malware.

Mega-D Spam Bot Taken Down

by Tim Sullivan on November 17, 2009

The Mega-D botnet was disabled last week by a team of white hat hackers. It may have had up to a quarter million infected machines under its control before it was disrupted. The botnet was estimated to be responsible for a third of the world’s spam output. It was knocked out of commission last week by employees of security firm FireEye.

How they did it
Dan Goodin reported: “After unplugging the Mega-D master control channels, the researchers set up a benign ‘sinkhole’ channel for the bots to report to and waited to see what would happen.

Over five days, 487,340 unique IP addresses reported to the ad-hoc server. Using findings derived from last year’s take-down of the separate Srizbi botnet, FireEye estimates that the figure translates to 248,590 unique machines. Unlike Mega-D, Srizbi included an accounting mechanism that identified each infected machine. They then analyzed the number of IP addresses and noted that after five days, it was about double the number of individual Srizbi victims.”

Size hard to judge
FireEye’s Todd Rosenberry said “Any botnet size estimate should be taken with a grain of salt as they are notoriously hard to calculate and there is a lot of conflicting data out there.”

Effects felt worldwide
The researchers estimated that Brazil was the most infected country (11.5 percent of the victims), followed closely by India and Viet Nam. 214 countries were represented.

Still under watchful eye
Mega-D is still being monitored. There are plans to turn over maintenance of the sinkhole server to Shadowserver. These volunteers have established infrastructure and relationships with ISPs and Computer Emergency Response Teams, or CERTs, globally.

About Mailprotector
Mailprotector’s services are ideal for protecting your Exchange server, or any mail server, against spammers’ attempts to flood your inbox with their junk: spam, viruses, Trojans, phishing attacks and other email-borne malware and threats.

Happy Birthday! Computer Virus turns 26

by Tim Sullivan on November 10, 2009

Today marks the 26th birthday of the computer virus. On November 10th, 1983, Fred Cohen, a University of Southern California graduate student, provided a proof-of-concept during a security seminar at Lehigh University. 26 years later the computer virus is still going strong.

My first virus
I recall my first computer virus experience, “Melissa”, back in 1999. I was working for another company in London at the time and we started getting lots of email with the same subject line from multiple European and far eastern affiliates. Before long, many of our users were sending loads of email out that they never initiated. Our network admin “pulled the plug” on our local Exchange server until he could resolve the issue. I called our US headquarters to give them a heads-up but they still had numerous users opening and infecting their mail systems. That was a wake-up call and dealing with email-borne malware provided an experience that I’ll never forget.

My how you’ve grown!
Email malware has gotten a lot nastier since then. It presents huge problems for users and admins. Computers can be hijacked and used for nefarious purposes. Information can be stolen and bank accounts drained. The FBI has released a warning about the threat of online cyber fraud. Some figures estimate cyber fraud losses to be upwards of $100 million year-to-date.

About Mailprotector
Mailprotector’s services have been squashing spam, viruses, Trojans, phishing attacks and other email-borne malware for nearly 10 years. It’s affordable, easy to set up and simple to use.

NSA To Build $1.5 Billion Data Center

by Tim Sullivan on November 6, 2009

The National Security Agency (NSA) will soon break ground in Utah for a new cyber security data center that’s budgeted at $1.5 billion. The NSA facility will provide cybersecurity intelligence and warnings as well as provide support to defense and civilian agency networks.

“Our country must continue to advance its national security efforts and that includes improvements in cybersecurity. As we rely more and more on our communications networks for business, government and everyday use, we must be vigilant and provide agencies with the necessary resources to protect our country from a cyber attack.”
-Sen. Robert Bennett, R-Utah

Offering a hand to Homeland
They will also lend technical assistance to the Department of Homeland Security, according to a transcript of remarks by Glenn Gaffney, deputy director of national intelligence for collection, who is responsible for oversight of cyber intelligence activities in the Office of the Director of National Intelligence.

Located in Utah
The data center will be built a few miles south of Salt Lake City at Camp Williams, a National Guard training center. It was chosen for its access to cheap power, communications infrastructure, and availability of space, Gaffney said. The complex will comprise up to 1.5 million square feet of building space on between 120 and 200 acres, according to news sources.

About Mailprotector
Mailprotector operates in redundant data centers that provide plenty of horsepower to protect your email systems from spam, viruses, Trojans, phishing attacks and other email-borne malware. So if you want to get your email systems protected at affordable prices, then give us a call.

A mostly Lou Holtz Fable

by Tim Sullivan on October 16, 2009

In celebration of National Cyber Security Awareness Month I’ve adopted one of Lou Holtz’s little stories. Lou has a special way of delivering a message. I recently caught this nugget:

The organization had just experienced a severe data breach. Everybody, Anybody, Somebody, and Nobody – they were all given an important task.

“Everybody was to do it. Everybody felt sure that Somebody would do it, because Anybody could do it, but Nobody did it.

Somebody got mad because it was Everybody’s job. Everybody felt that because Anybody could do it, but Nobody realized that Somebody didn’t do it.

In the end Everybody got mad at Somebody because Nobody did what Anybody could do.”

-L.Holtz

It’s a funny delivery but with a serious message. Admins and users need to stay aware of what’s happening with their email. Review your current email usage policies and security posture to make sure you don’t have any vulnerable areas. You can implement one of Mailprotector’s award-winning services to help mitigate email-borne threats: spam, Trojans, viruses, etc. Don’t fall prey to the cyber tricksters! Happy National Cyber Security Awareness Month!

Pssst, want some “Hotmail”

by Tim Sullivan on October 7, 2009

According to numerous recent reports, Hotmail users have had their login credentials stolen.

About 10,000 users had their user credentials swiped in this latest phishing attack and millions more have been warned they could be at risk. Cyber-scammers set up a fake Hotmail login page into which users entered their information.

Hotmail not alone
Not only did Hotmail users get cyber-mugged but Gmail, Yahoo! Mail, AOL, Comcast and Earthlink account holders were targeted, too. A spokesman for Google said, ‘We recently became aware of an industry-wide phishing scheme through which hackers gained user credentials for web-based mail accounts including Gmail account. As soon as we learned of the attack, we forced password resets on the affected accounts. We will continue to force password resets on additional accounts when we become aware of them.’

Not a breach, but a scam
Google stressed that the scam was ‘not a breach of Gmail security’ but rather ‘a scam to get users to give away their personal information to hackers’.

Unrest remains among the affected
Account logins had been posted online. They were taken down soon after that discovery. However, users now fear they may have had personal information (credit cards, bank account numbers, etc.) taken from their accounts as a result of their user credentials being publicly posted. Police are advising affected account holders to pay close attention to their credit card and banking accounts for any unauthorized activity.

To help protect yourself from falling prey to phishing scams:

  • Change passwords frequently (every 30 days to 90 days).
  • Use “strong” passwords: include upper case letters, lower case letters, numbers and characters randomly dispersed within the password.
  • Don’t use the same password for your email account as you do for other online accounts. Many online accounts use your email address as the user name.
  • Never click through any warnings your browser may raise about certificates.
  • Be wary of pop-up security warnings.
  • Be wary of misspelled words, poor grammar and blurry graphics on the web site, as these items may indicate a phishing site.
  • Implement email security that protects against spam, phishing, malware and other email-borne attacks.

No sign of a cool down for phishing
These phishing attacks will only continue due to the hackers’ success in stealing thousands of email account user credentials. “Hotmail” now conjures up a completely different connotation.

Small Botnets Cause Big Problems

by Tim Sullivan on October 6, 2009

In a recent study researchers found that small botnets are causing big problems for enterprise networks.

Most botnets are doing more with less
The study tracked more than 600 botnets over a 3-month period. Most of the botnets studied, 57%, comprised 100 or fewer nodes. 21% of the botnets had 101 – 500 nodes. 17% of the botnets had 500 – 10,000 nodes. Only 5% of the botnets had more than 10,000 nodes. Whenever we think of botnets we usually envision thousands of slave PCs being used for nefarious purposes. These smaller botnets are more specific in their targets and are not causing large network disruptions. They are harder to detect as a result. This study sheds new light on the botnet issue.

“Do-it-yourself” botnet kits are readily available
Many of these smaller botnets use tools from DIY kits that can be purchased or downloaded for free from various malware distribution sites. The ability to build tools that lurk on networks gives the hacker a tailored application that specifically targets the items and information they want to access. Many of the tools used to craft these applications even have backdoors that were created by the original developer. So now both the hacker who built the custom application and the creator of the original tools are collecting information about the enterprise network. Dangerous and scary!

Stop the botnets from attacking
Mailprotector’s services help to protect your email systems from botnets. We keep rogues from sending unwanted spam and malware to your users. We also protect your email systems from sending spam or malware from within by users or rogue accounts. We’ll even provide you with a free 30-day trial so you can experience botnet-free messaging. Check out our services online or feel free to contact us to learn more.

You can read more details about this study at http://www.eweek.com/c/a/Security/Small-Botnets-Causing-Big-Security-Problems-for-Enterprises-275556/

Email-Based Phishing on the Rise?

by Jeremy Nigh on September 28, 2009

According to a recent report from brand reputation firm MarkMonitor, phishing attacks reached a record high of 151,000 unique attacks during the 2nd quarter of 2009.

They want your login info
Favorite subjects and themes of phishing emails sent out in Q2 of 2009 include those which appeared to be from social media websites (up 168% from last year), and most commonly (4 out of 5 of all phishing attacks) from financial/payment service-related businesses. Almost all phishing emails are sent with the intent of tricking unsuspecting recipients into giving up their login information to various websites, thus severely jeopardizing the security of those who fall prey to such attacks.

The land of the free, and the home of most phishing sites
According to the report, which looked at the number of unique phishing sites, 50% originated in the United States, significantly more than any other individual country.

Conflicting data…who has it right?
The rise in attacks from phishing sites as reported by MarkMonitor conflicts with data which was published by IBM in August of this year. IBM claimed that attacks from phishing sites were actually on the decline. This difference of opinion could be explained by looking at how the data was collected. IBM looked at phishing email as a percentage of spam, while MarkMonitor based their numbers on the number of unique URLs used by phishing sites.

How to prevent phishing attacks

  • Use a spam filter to stop phishing emails from reaching your inbox
  • Always be very careful to only open email from trusted senders
  • Never click links in emails that seem even remotely suspicious

These latest figures show that phishing is still a big problem. Unless everyone gets wise to the tactics of the phishers (which is unlikely), phishing will continue to threaten the security of individuals and organizations worldwide. Be safe, and be prepared.

Is my small business safe from identity theft?

by Bruce LaFlam on September 1, 2009

When most of us hear of identity theft we first think of someone stealing information from our garbage can and using it to open an account. While personal identity theft is a real threat, many small business owners fail to realize that their business is subject to identity theft as well.

Many of us try to keep our personal data hidden from others; however, as businesses we oftentimes promote pieces of this private data – address, contact information, phone number, and even business license number.

Just as you do in your personal life, it is important to take steps to protect your small business from identity theft. Some basic steps include:

1. Check your business credit report
2. Be sure to have an email security system in place to prevent spam, viruses, and phishing
3. Lock down the network – firewalls, encryption
4. Shred important documents (dumpster diving is still common)

According to a Panda security report, a surprising 29% of small businesses don’t have a spam filtering solution. Additionally, 16% of small businesses do not have firewalls.

You can read more on small business (SMB) identity theft in the following CIOZone article.

Help! Why am I getting spam from myself?

by Jeremy Nigh on August 3, 2009

The other day I got an instant message from a friend who frantically told me “I keep getting spam from myself!” He went on to explain that his torch and pitchfork-carrying co-workers were also seeing the same thing.

One thing led to another, paranoia grew into pandemonium, and before they knew it everyone was throwing around the “R” word. Thankfully, before they “reformatted” every computer on their network with hopes of closing the door on the supposed hacker, my friend wisely called on me (his buddy in the email security business) to offer some insight. “Worry not my friend. Worry not,” I confidently exclaimed. “All you’re seeing is a spoofed email address, nothing more.” As I went on to tell him about the ins and outs of email spoofing, his mind was put at ease and his company’s network-wide reformat was safely averted. But what exactly is email spoofing? I’ll explain to you as I did to him.

What is email spoofing?

Email spoofing is a tactic that spammers use to make your email server think that you are sending a message to yourself, therefore it is “OK” to let the message through. In actuality the messages are not from you… it just looks that way. Wikipedia explains it well:

E-mail spoofing is a term used to describe (usually fraudulent) e-mail activity in which the sender address and other parts of the e-mail header are altered to appear as though the e-mail originated from a different source. E-mail spoofing is a technique commonly used for spam e-mail and phishing to hide the origin of an e-mail message. By changing certain properties of the e-mail, such as the From, Return-Path and Reply-To fields (which can be found in the message header), ill-intentioned users can make the e-mail appear to be from someone other than the actual sender. The result is that, although the e-mail appears to come from the address indicated in the From field (found in the e-mail headers) it actually comes from another source. (http://en.wikipedia.org/wiki/E-mail_spoofing)

How common is email address spoofing?

Spoofed addresses are extremely common because of the high rate of successful delivery when sent to unprotected email addresses. A quick check of my own spam quarantine shows that in the past 30 days alone, Mailprotector’s spam filter caught 52 spam messages that look as though they were sent from my own email address. These messages account for over half of all the spam in my quarantine for that time period. Thanks to Mailprotector I have never received even one of these annoying pieces of email in my inbox, but my friend and others like him don’t fare so well. Many email users get spam from a spoofed address that looks like their own on a daily basis.

Is email spoofing dangerous?

Not always, but it definitely can be. Spoofing an email address is as easy as putting a forged return address on a package or envelope, and (in much the same way) it’s the contents you have to watch out for. Messages that use email spoofing to get from point A to point B may contain content that’s simply annoying, such as links to Canadian pharmaceutical websites. On the flip side, such messages may also contain viruses, Trojans, worms, or links to phishing websites that are standing by to automatically install harmful malware as soon as you click.

How to stay safe from email spoofing

The best practice when it comes to spoofed email addresses is to simply never open an email if it’s from your own address. Just delete that sucker and move on. Even better yet, use a good email security service to filter out emails that use advanced address spoofing tactics. If you go with a managed solution such as Mailprotector, they will be blocked before they ever even get to your email server. Nice.
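
A defender-side check for the “spam from myself” pattern described in this post, added here as an example (it is not Mailprotector’s filter or code from the original post): it reads the From, Return-Path and Reply-To headers named above and flags a message whose From matches the recipient while the other fields, or the receiving server’s SPF result, point elsewhere. The sample messages, the domains, the `mx.example.com` server name and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed samples (not real traffic); all domains and IPs are placeholders.
SPOOFED = """\
Return-Path: <bounce-7731@bulk-sender.example>
Received: from unknown (HELO mail.bulk-sender.example) (203.0.113.45)
    by mx.example.com; Mon, 3 Aug 2009 10:12:01 -0500
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=bulk-sender.example
From: "Me" <user@example.com>
Reply-To: offers@bulk-sender.example
To: user@example.com
Subject: Your order

Click here.
"""

LEGIT = """\
Return-Path: <user@example.com>
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.com
From: "Me" <user@example.com>
To: user@example.com
Subject: note to self

Buy milk.
"""

def domain_of(addr):
    return addr.rpartition("@")[2].lower()

def spoof_indicators(raw, trusted_authserv="mx.example.com"):
    """Return header-level signs that the visible From address is forged."""
    msg = message_from_string(raw)
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    rp_addr = parseaddr(msg.get("Return-Path", ""))[1].lower()
    reply_addr = parseaddr(msg.get("Reply-To", ""))[1].lower()
    rcpts = {a.lower() for _, a in
             getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))}
    findings = []
    if from_addr and from_addr in rcpts:
        findings.append("from-equals-recipient")
    if rp_addr and domain_of(rp_addr) != domain_of(from_addr):
        findings.append("return-path-domain-mismatch")
    if reply_addr and domain_of(reply_addr) != domain_of(from_addr):
        findings.append("reply-to-domain-mismatch")
    for ar in msg.get_all("Authentication-Results", []):
        authserv, _, results = ar.partition(";")
        if authserv.strip().lower() != trusted_authserv:
            continue  # only trust results stamped by our own MX; others can be forged
        m = re.search(r"\bspf=(\w+)", results)
        if m and m.group(1).lower() in {"fail", "softfail"}:
            findings.append("spf-" + m.group(1).lower())
    return findings

def is_self_spoof(raw, trusted_authserv="mx.example.com"):
    # A genuine note-to-self also has From == To, so require a second signal.
    found = spoof_indicators(raw, trusted_authserv)
    return "from-equals-recipient" in found and len(found) > 1
```
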