Downadup: Does it add-up?
Tomorrow is April 1st. Is this the day that the Conficker worm, sometimes called Downadup or Kido, finally shows its true intent? Or will it be, in the true spirit of the day, a mammoth ‘hoax’? This worm has managed to infect a large number of computers. Specifics are hard to come by, but some researchers estimate that millions of computers have been infected with this threat since January. Current users of Symantec’s Norton security products are protected.
Downadup/Conficker is interesting on many fronts. It has managed to mutate over the past 3 months in an attempt to keep itself alive and viable, and it has achieved that goal. That said, if you have the latest Windows updates and are running an up-to-date security package, you should be safe.
We don’t know the true purpose of the Downadup/Conficker worm. Today the worm has created an infrastructure that the creators of the worm can use to remotely install software on infected machines. What will that software do? We don’t know. Most likely the worm will be used to create a botnet that will be rented out to criminals who want to send spam, steal IDs and direct users to online scams and phishing sites. What we do know from looking at the Downadup/Conficker code is that on April 1st it will attempt to ‘phone home’ to get more instructions as to what to do. So, despite the current hue and cry, there is no known payload for the worm. It will be interesting to see what finally transpires on Wednesday and if it is of any note. If you want more information on Downadup/Conficker, you can get it here. There is a wealth of information on it and what practical steps you can take.
Search engine optimised attacks are an interesting, if not unexpected, development. We all spend most of our days tapping words and phrases into search engines. The results come back, we select a URL that looks interesting and off we go. What could be simpler and, potentially, more dangerous?
Fraudsters are compromising legitimate pages, inserting code that redirects visitors to the Web sites of fake products and services, and then using search-engine optimization (SEO) techniques to attract victims. They do this by embedding the compromised pages with lists of popular search terms, so as to push the compromised URLs further up the search rankings. VNU Net report that the providers of a questionable affiliate service garnered more than $10,000 a day over a 16-day period. Not a bad return.
This raises the game on all of us. From our standpoint at Symantec, we have long contended that the job we now have to do, in addition to everything else, is to help guide our customers safely around the internet. We have just announced Norton Safe Web. What this does is address the issue of search engine optimised attacks head on. Using Norton Safe Web, we mark up all of the URLs returned from a search and, using a traffic-light metaphor, direct people to known good sites (sites that are not hosting malware) and away from the bad sites. It is no small undertaking: we in effect have to crawl and analyse the internet to establish these listings. We need to do this continually, to keep the ratings ‘fresh’ and usable. We have also added a further dimension. For eCommerce sites, we do a fuller analysis as to the reputation and trustworthiness of these sites. More information on Norton Safe Web can be found here.
Is a password manager the new AV?
Hands up: how many of you are visiting and using fewer web sites this year than last year? I would be somewhat crest-fallen if many, or any, hands actually went up. The reality of modern-day professional and personal life is that we are becoming dependent on the internet and web sites. This, in turn, requires all of us to log in and out of a succession of sites on a daily basis. I came across this interesting article, ‘a password manager is as mandatory as anti-virus’, by Adam O’Donnell. Aside from my own personal feeling of ‘told you so’, it makes for a good read.
Is 6 out of 10, good or bad?
I happened to be in Jersey this past weekend, playing football. It turned out to be a frustrating weekend, not necessarily because of the football. My SmartPhone could send and receive emails, I could browse the internet, but for the life of me, I could not make a simple telephone call. I tried every conceivable setting, to no avail. So, I resorted to having to borrow a ‘phone from the other guys in the team – with the promise of drinks in return. I had the happy experience of using a variety of BlackBerrys, an iPhone, and a whole host of Nokias. Which leads me to this article from the BBC website.
It reports that 6 out of 10 people use a password on their ‘phone. That got me thinking: is 6 out of 10 good or bad? Now, based on my experience over the weekend of constantly borrowing ‘phones, I think it is quite good. Most of the guys in my football team seemed to have the key-guard feature enabled, but scant evidence of passwords, never mind encryption. So, based on the experience with my teammates, 6 out of 10 is pretty good. What also struck me from the research quoted by the BBC is that there is a lot of valuable information on our ‘phones. Nearly a quarter of people surveyed said they stored PIN numbers and passwords on their ‘phones.
So, until it is 10 out of 10, we cannot be complacent. The vast majority of people use a password to control access to their PC: they need to think about their ‘phone in the same way.
The state of Spam report: March
Symantec has just released the latest state of spam report; you can find it here. As ever, it makes for interesting reading. The bad news is that spam levels continue to drift upwards, reaching 86%. However, the good news, such as it is, is that it is not at the 90% levels that we saw prior to the McColo takedown at the end of last year. Last month presented a rich opportunity for the spammers, with Valentine’s Day, The Oscars and the on-going bad economic environment: maybe 86% wasn’t too bad a result?
What was noteworthy was the arrival of ‘green spam’. Yes, the spammers are jumping on the going green bandwagon. We are seeing spam that promises to lower your monthly bills by implementing a variety of green initiatives. I suppose we shouldn’t have expected anything less from them.
Norton 360v3
I had the pleasure of meeting with the UK Press yesterday to introduce N360v3 to them. It is a great product. Customers are going to notice a lot of new innovations with it. It starts with installation. You can install it with one click, and it should complete in just around about one minute. That gets everyone’s attention. Right from the start of using the product, it feels familiar, but a lot better. N360 has always been about simplicity and with version 3 we have really taken this to another level. The product has the ability to use the ‘quiet’ time, when you are not doing anything with your PC, to go off and do all the ‘chores’ and things that need to be done. It works brilliantly and it means that all the main security tasks, backup and tuneup tasks are done with the minimum of fuss, leaving you with a secure, backed-up and optimised PC.
Many of the threats we now have to protect people from come from web sites. With Norton 360v3, we have introduced Norton Safe Web to help with this. Results from the most popular search engines are marked, to show visibly to a user which sites are safe and which are not. In addition, we have gone a step further: we can also provide, for those sites that are eCommerce sites, additional information as to the reputation and competence of the web site. All of this means that, even before a user visits a web site, we can provide them with information and guidance in advance and, in doing so, help keep them out of harm’s way.
If you are an existing N360 customer and have a valid subscription, you will be able to upgrade to N360v3 for free. You can learn more about N360v3 here.

