Secret Santa?
“Feeling bored? Miss the Christmas spirit? Want to make a lot of money before the holidays but you lack the right tools? We have the solution to your problems – our web malware exploitation kit which will bring back the Christmas attitude and also become the perfect gift for your friends. Available are Professional, Standard and Basic licenses, with each of these including or lacking some unique features based on your budget. Professional package comes with support.”
Yes, there is a Christmas themed web malware exploitation kit. I kid you not. Exploiting Christmas is not new: not even for cyber criminals. In the run-up to Christmas spam increases, with all sorts of interesting Yuletide themed attachments (with associated exploits) and the inevitable phishing scams etc. Truly, a veritable ‘Cyber-malware Winterland of fun’!
Underground, but not out-of-mind
Today, we published a report on the ‘Underground Economy’. It has been picked up and reported widely in the Press. The Symantec Global Intelligence Network is at work, every second of every day, monitoring, detecting and determining just what is happening out there on the internet. The report that we have published is a global report, that delves deeper into the murky depths of cybercrime and shows criminals operating with such sophisticated business models that they come complete with professional job roles and advertising strategies.
What is clear is that the Underground economy is becoming more sophisticated. We are seeing both the selling of ill-gotten goods and requests for assistance e.g. ‘I need someone to write me a Trojan’, ‘I need a bot-herd’ etc. If everything we detected was sold at the asking prices requested, then the total comes to $275M. This is a large sum. Now, that being said, if you look at the amount of money traded through legitimate on-line resellers, then this runs to the many hundreds of billions of dollars. So, the ‘legitimate economy’ wins out against the ‘underground economy’. What this research reminds all of us, is that we do need to be careful. In taking some sensible and simple precautions we can ensure that our identities and finances do not come to be traded in the underground economy. We have created a short video, the latest in our series of ‘guides to scary internet stuff’, specifically on the underground economy.
Research, such as this, helps Symantec. It provides us with an insight as to what the bad-guys are interested in, how they get it, what they do with it etc. In turn, that helps us focus our efforts in designing our security products to mitigate this. Additionally, it also reminds the bad-guys that they are being watched, tracked, and that they cannot count on having things all their own way.
Good news: bad news time
We have spent the last week rejoicing that the world was apparently seeing a little less spam, the result of the rogue ISP McColo having been taken offline. Most people were happy to see action being taken, proof positive that even the rogues can be brought to account. And so, we assumed that was an end to McColo.
However, this feel-good-factor has now been tempered with the news that McColo was able to reconnect itself to the internet. It turns out that they had negotiated rights to a backup internet connection via TeliaSonera. McColo quickly tried to update their servers over the weekend just past, in the hope that there would be a window of opportunity before the security forces could react and shut them down again, which is what happened.
Now, TeliaSonera have done nothing wrong here, they had acted through a retailer (who did nothing wrong either) who had sold the connection to McColo. What it does point out is that when shutting down rogues like McColo, all the possible approaches that they might employ to reactivate themselves need to be covered off up-front.
The Symantec guide to scary internet stuff – ‘Bots’
The next edition of the Symantec guides to scary internet stuff has just been released. The subject this time is ‘bots’. You can find the link to the video, which has been posted on YouTube, here. I think it is a fun and informative tool that helps explain the threats from ‘bots’. For the bad guys, their focus and use of ‘bots’ and ‘bot-nets’ shows no signs of diminution. They continue to be a real nuisance and menace and we need to continue to remind people to be aware of them and to be vigilant to the tell-tale signs of a bot.
Is a response rate of 0.00001% good enough?
Researchers at the University of California, Berkeley and UC, San Diego (UCSD) are reporting that spammers are turning a profit despite only getting one response for every 12.5 million emails sent. That translates itself into a response rate of circa 0.00001%. Most direct mail organisations would set the bar at 2% for a ‘good’ campaign.
There is no particular news in the revelation that the spammers live off of sheer volume of spam email. The researchers here were purporting to be a fake pharmacy, peddling a herbal remedy to boost libido. This is pretty much representative, so it does call into question just how profitable it can be for them? It does bring to the fore the point, that even with spam, the laws of return on investment still apply. With such a low-margin business, they are susceptible to advances in new anti-spam and security software defences, that would render current techniques and campaigns as not worth it to them. Or, so we can but hope.
UCSD used some interesting tactics with their research. They managed to piggy-back on the ‘Storm’ network that uses hijacked home computers as relays for spam. The ethics of this are open to debate, particularly when the researchers added another 469 million spam emails that the world need not necessarily benefit from.
Full details of the Symantec State of Spam report for November can be found here.
The Barack barrage
Today saw Barack Obama win the race for the White House. In the weeks leading up to yesterday’s polling day, we were able to watch how the ‘bad guys’ tried a whole slew of tactics to use the election for their own purposes. In our latest State of Spam report, we identify a couple of Barack Obama themed attacks that were used in October. We got to see a ‘Barackumentary’. Therein, the spammers offered a free DVD about Barack Obama; however, in order to receive the ‘free’ video, recipients were asked to provide personal credit card details to the sender. Regrettably, I am sure we can expect to see a lot of Barack Obama themed exploits in the weeks following his election and in the run-up to his swearing in as the 44th President of the USA.
Now, no sooner have the Beijing Olympics started to pass into memory than we start to see the London 2012 Olympics start to be exploited by the spammers. We detected a lottery scam around London 2012, wherein the recipient is informed they have won £950K. All they need do is contact the ‘paying agent’ and provide details to collect their ‘winnings’. And so, with that, the countdown to London 2012 begins in terms of scams, and socially engineered malware attacks.
Do as I say, not as I do?
I was very interested to read Cory Doctorow’s blog post in the ‘Guardian’ ‘Bebo children will value privacy when they see adults do too’, which rightly drew our attention to the freely available nature of young people’s personal information online. From cyber-bullying or stalking and identity theft to grooming and online predators, young people’s identities and personal privacy are at risk from an increasingly diverse and imaginative range of threats. Previously computer users feared the loss and devastation wreaked by a virus whereas now they face a multitude of opportunities at which their privacy can be compromised.
Instant messages, social networking sites, forums, blogs and old fashioned email – in the ever expanding maze of communication methods Internet security is often a tough and confusing subject for parents to broach with their children. We recently conducted a survey into children’s and parents’ online behavior and found that many parents are still in denial over the varied dangers on the Internet and are ignoring the sampling their children are doing. Only four in 10 online parents in the UK have spoken to their child on safe Internet practices despite 87 per cent of children feeling comfortable talking to their parents about their online experiences. *
Cory encouraged readers to ‘Give your children honest, useful privacy information’ and to try and help combat this disparity between parent and child. That’s what we have been advocating in a recent initiative, called ‘The Talk’ as part of our Norton Family Online safety Initiative. Remember ‘The Talk’ your parents had with you? Those uncomfortable conversations with our parents on sex education? Well, we’ve been encouraging parents to adapt this for talking to their children about the Internet. A mutually beneficial discussion, it will allow the child to appreciate both the important role the Internet can play in their lives for learning as well as the potential dangers. The end goal of this is for parent and child to come to a mutual agreement outlining the ‘rules of engagement’ regarding the child’s behaviour online.
Getting one’s child to describe their experiences, with honesty, may be difficult, particularly if the parent is not an Internet expert or as skilled as their children. But that is OK, because it’s not necessary for a parent to be an expert to help their children enjoy the Internet safely.
Taking this initiative will hopefully enable parents to develop their knowledge of what their child does on the Internet whilst encouraging the child to interact safely and learn how to value and protect their personal privacy and identity online.

