Really, your face isn’t stupid

Spam is annoying. By our estimates, 80% of all email is now spam. As you’d expect, many people are now a lot smarter about how to filter out or completely ignore spam. This means that spammers are having to come up with new ways to approach us and get us to open the email or click on the attachments that are enclosed.

Recent weeks have seen the spammers switch their attention to insulting us to get our attention. There has been a flood of emails with a subject line of ‘Your stupid face’. Their intent has been to get us angry or curious enough to open the email and then click on the attachment purporting to show the user’s ‘stupid face’. The attachment is a ‘video.exe’ or something similar. If you click on it, you can be directed to a host which has the malware on it and, before you know it, you are infected with a bot.

This new genre of spam is being described as ‘spam slam’. So, if you see something like this in your in-box, don’t open or click on it: delete it. Even if you think your face is a bit stupid.
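The check a mail administrator would want for this lure is simple to automate: flag any attachment whose final extension is executable, and treat a part declared as video but named ‘.exe’ as a disguise. This is an added example, not code from the original post or from Symantec; the message, addresses and subject pattern are constructed for illustration.

```python
import os
import re
from email import message_from_string

# Constructed sample in the style of the 'spam slam' lure (not a captured message).
SAMPLE_SPAM = """\
From: someone@example.invalid
Subject: Your stupid face
Content-Type: multipart/mixed; boundary="xyz"

--xyz
Content-Type: text/plain

Look at this, you will not believe it.
--xyz
Content-Type: video/x-msvideo; name="video.exe"
Content-Disposition: attachment; filename="video.exe"

AAAA
--xyz--
"""

# Extensions Windows will execute directly; a genuine video never carries one.
EXEC_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js"}
MEDIA_TYPES = ("video/", "image/", "audio/")
LURE_SUBJECT = re.compile(r"your stupid face", re.IGNORECASE)


def executable_attachments(msg):
    """Return (filename, type_mismatch) for each attachment whose final extension
    is executable; splitext catches double extensions such as 'video.avi.exe'."""
    found = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue
        ext = os.path.splitext(name.lower())[1]
        if ext in EXEC_EXTENSIONS:
            # Declared as media but named as an executable: the classic disguise.
            mismatch = part.get_content_type().startswith(MEDIA_TYPES)
            found.append((name, mismatch))
    return found


def assess(raw):
    """Classify one raw message; quarantine on any executable attachment."""
    msg = message_from_string(raw)
    attachments = executable_attachments(msg)
    return {"lure_subject": bool(LURE_SUBJECT.search(msg.get("Subject", ""))),
            "executable_attachments": attachments,
            "quarantine": bool(attachments)}
```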

It’s a Browser Bust-out.

Well, we will have to wait and see whether Mozilla has managed to set a Guinness World Record for the most online downloads in a single day with the release of Firefox 3.

It has been a busy time in the browser world of late. Opera released their new browser a week or so back. Let us not forget that there is a BETA of IE 8 out there as well. So, there is plenty of choice and competition out there now in the world of browsers. That is no bad thing.

In reading the releases and reviews for these new browsers it struck me that, yes, there are some enhancements and new functionality in the user interface, but they all talk up the new and enhanced security message. This is to be welcomed, as the past 12 months have seen the rise of browser-targeted attacks. As such, the message and tone from all the browser guys is that they have ‘hardened’ their browsers to stop some of the attacks of the past and to make them more difficult to compromise going forward.

The browser is turning out to be the new battleground. It is the ‘window’ to the world of the internet for most users and it is where we work and play. Hence why it is so important that the browser is better protected and strengthened. We at Symantec have long believed in this. In the past couple of years we have built additional security features and functions into the browser to help with this, e.g. real-time anti-phishing, identity protection, and protection against drive-by downloads.

The new browsers are moving in this direction as well. But I don’t see that our job is done. I fully expect that we will continue to build out enhanced security functionality on the back of what the browser guys have already done.

PS: I have just read the first posting of a vulnerability with Firefox 3. Nothing changes.

The $160 billion question?

The security-focused news-wires have been busy this past week reporting on the impact of ‘ransomware’. This is in response to the discovery of a new variant of Trojan.Gpcoder. This is a particularly nasty threat that uses public key cryptography to encrypt files on a person’s computer and subsequently requests payment from the user in order to recover the files. What was newsworthy about the new variant was that it was using a 1024-bit encryption key. In layman’s terms, this means that it is tough to crack the code to release the encrypted data.

The latest variant of the virus, first reported on June 4, appears not to have the implementation flaws of previous versions. While 1024-bit keys are considered weak for high-security applications, the encryption is strong enough to foil reasonable attempts to brute-force the key. In a blog on the Symantec Security Response site, Eoin Ward notes that by some estimates a machine that could break one 1024-bit RSA key in about a day would cost $160 billion when adjusted for today’s prices. Wow!

Ransomware has been about for quite a while. It is a nightmare scenario for many users. However, it is relatively uncommon, simply because it is hard to ‘cash out’. By that, I mean the ability of the bad guys to get money for it. They have to set up a payment mechanism to get the ‘ransom’ and, in doing so, they make themselves vulnerable to being detected. In those cases where people have paid up, the ‘ransom’ has tended to be pretty low, i.e. in the range of $50-$100. So, I don’t think there is any prospect of $160 billion being spent to solve this. So, what is to be done?

Well, what this incident brings to the fore is the need for regular backups. This will mean you have something to fall back on if you were to fall foul of this type of attack. Now, whilst the debate rages on about how to generate a key to decrypt this variant of Trojan.Gpcoder, definitions have been created and released to identify it. Therefore, ensure your AV definitions are up to date.

Testing times!

I read, with some interest, that Trend have decided to withdraw from the Virus Bulletin 100 (VB-100) anti-virus test; here is the article. I also then had my attention drawn to the fact that Trend had failed the latest VB-100 tests: their performance on VB-100 has been somewhat ‘mixed’ of late. VB-100 tests aim to assess how security products fare in detecting a set of viruses in the WildList, an up-to-date list of malware samples known to be in circulation. It numbers circa 700 viruses. Trend stated that the test had become outdated and no longer reflects the fast-changing threats that security products need to counter day to day.

Now, Trend’s announcement further highlights the understood requirement within the security industry for new testing methodologies. We need approaches that will better reflect the complex and dynamic nature of the threats that anti-malware products are trying to counter. Notably, the Anti-Malware Testing Standards Organisation (AMTSO) has been created to address this.

Whilst we can all debate the relative merits of the current tests, Virus Bulletin themselves did comment that their test is not the only way to test anti-malware products, but products should be able to detect items in circulation. Furthermore, VB-100 is a measure of product competence and ongoing reliability.

So, we all have to live in an ‘imperfect’ world of testing and hope for better days ahead. I am hopeful that the AMTSO initiative will deliver. But I think it is much better to stay the course rather than decide to wander off.

Would you credit it?

At Symantec we have our Global Intelligence Network. This comprises over 40,000 sensors, a couple of million decoy email addresses, and then 150 million or so Symantec end-points. It allows us to monitor what is happening on the internet, second by second. One facet of this is our monthly ‘State of Spam’ report that we publish.

Casting our minds back to June 2007, we reported that nearly 70% of all email sent was spam. This was an alarming, and at the same time interesting, trend. One of the new tricks that helped fuel the increase was the use of so-called PDF spam. Here, the spammers had attached the spam message as a PDF file to help circumvent spam filters. New countermeasures were brought into place and PDF spam came and went.

Well, here in June 2008, the amount of spam is an incredible 80% of all emails. What gives?

This is testament to the ongoing determination and inventiveness of the spammers. Now, one thing I have noted in my own personal email account is the amount of ‘credit’-related emails that have flowed into my spam folder. They all follow a similar pattern: I have been ‘pre-cleared’ for a loan, or ‘Get out of the red’ instant credit is available to me. The further twist is that you get them in week 2 or 3 of the month, on the basis that that is when we are getting low on cash and waiting for the next pay day. So, the spammers have piggy-backed on the ‘credit crunch’, hence the continued and unparalleled levels. We see this constant ‘see-sawing’ from them, using either technical or social means to keep pumping out the flood of spam.

Now that even the ‘credit crunch’ is old news, we are seeing them switch to spam that focuses on the fuel crisis, with promises of discounted or free petrol, diesel, gas and electricity. For those of you who want to read the full ‘State of Spam’ report for June 2008, follow this link: http://www.symantec.com/business/theme.jsp?themeid=state_of_spam

Games within games

By some estimates, there are in excess of 250 million online gamers worldwide. The revenue associated with this was in excess of $8 billion in 2007, and it is forecast to grow to just short of $10 billion in 2008. You know the drill: where there are many users and a lot of money, the bad guys are sure to come calling.

By our estimates, there are in excess of five thousand Trojans that have been developed with the purpose of stealing user details from computer games. Getting access to a gamer’s account can be very valuable and lucrative for the bad guys. They can use the old ploy of extorting money from you to get your account ‘back’. Or, they can simply sell on your account to someone else. There have been instances of the bad guys raiding and accumulating valuable online game paraphernalia, e.g. swords, shields and weaponry that has a ‘value’, and then ‘cashing this out’ into real money.

In advance of the ‘Dreamhack’ event in Sweden later this month, my colleagues in Sweden have created an interesting YouTube posting; you can see it below. It walks you through some of the potential issues that are posed by computer games, as well as giving some pointers as to how to avoid some of these threats.