Introducing the ‘Dirtiest Web sites of Summer 2009’

For some time now we have been outlining that web-based threats are now the propagation vector of choice for the bad guys. The old advice of being careful of where you go on the internet, and staying clear of the bad ‘neighbourhoods’, no longer suffices. Legitimate web sites can be compromised and become a source of malware. The issue that many people face and struggle with is just how can you tell which sites are safe to visit?

We have just released a report today that identifies the ‘Dirtiest Web sites of Summer 2009’, the 100 sites with the most threats detected by the site rating service Norton Safe Web, as of August 2009. These sites represent the ‘worst of the worst’, based on the number of threats detected by Norton Safe Web.

It comes as no surprise that 48% of the sites are ones that feature adult content. However, the remainder cover the gamut of subject matter. Viruses are the most common threats to be found, followed by security risks and browser exploits. Simply visiting one of these sites, without downloading or clicking on anything in particular, could put you at risk of exposing your computer to infection and, worse, put your identity, personal and financial information into the hands of cybercriminals.

What makes these sites so dirty? It is just the sheer number of threats to be found on them. Norton Safe Web has found that the average number of threats per malicious site is 23. Compare that with the average number of threats from the Dirtiest Web Sites list – a staggering 18,000 per site! What we also found is that 75% of these sites had been ‘dirty’ for over 6 months.

To find the dirt, Norton Safe Web crawls the Web and performs analysis of millions of Web sites, and benefits from a network of more than 20 million Norton Community Watch members that automatically submit suspicious URLs for analysis in real-time.  Norton Safe Web analyzes websites using signature-based file scanning, intrusion detection engines, behavioral detection and install/uninstall analysis to identify security risks including phishing sites, malicious downloads, browser exploits and links to unsafe external sites.  In other words – dirty stuff you don’t want on your computer.

New battle lines are being drawn.

The past few weeks have been interesting from a security perspective. Are we starting to see social networking truly emerge as the threat vector of choice for the bad guys? I think so.

The headlines have been grabbed, as seems to be the case with just about anything, by Twitter. We have seen it pose both as a victim and as an unwitting perpetrator. Two weeks ago, we saw Twitter come under a DDoS attack that resulted in it being taken down for a short period of time. The working supposition is that it was launched as an attempt to quieten a pro-Georgian blogger who has been critical of Russia. Today, I came across this article that provides some additional insight into last year’s cyber attacks that brought internet traffic to a standstill in Georgia. It suggests that, in part, the attacks were carried out by civilians and Russian crime gangs. What was particularly interesting is the belief that civilians were recruited into the attempt to overpower Georgian web sites, and that they were recruited using social networking sites.

Moving on from this, the last few days have seen stories of how Twitter was now being used as a command and control channel for a Botnet. Symantec security response were quickly onto this and have covered it in some depth here. This marks an interesting moment. The use of Twitter, in this manner, is at the same time both elegantly simple and worrisome. That being said, now we have seen and understood it, we can start to think about how we can counter this.

Finally, the past weeks have seen the resurgence of Koobface, and I wrote on this a few weeks back. Koobface is an anagram of Facebook and is a worm that targets users of social networking sites. More often than not it will then attempt to download a range of misleading and useless applications and then get the user to pay for them.

Is it me, or do you see a pattern? The world of social networking represents a whole new (business) opportunity for the cyber-criminal. A whole new set of battle lines are being drawn, with the bad guys on one side, being faced down on the other side, by the site owners/operators and the security industry.

Sharing – how much is too much?

The conviction, this week, in the US of Frederick Wood to 3 years’ imprisonment for a fraud scheme has made the headlines. What this case brings to the fore is the potential use of peer-2-peer (P2P) services as a tool for identity theft. In this particular instance, Wood used LimeWire to trawl the hard drives of users’ computers for terms such as ‘tax return’ and ‘account’. This information was then used to forge cheques and to buy electrical goods. Interestingly, he also searched for college application forms, because of the wealth of personal information that they contain. How many of us have our CVs on our machines? If you think of it, these chronicle our lives and are a very rich source of personal information.

LimeWire and other P2P services need very careful setup when they are first installed, since the default setting is to share all of the information on the hard drive. As this case demonstrates, overlooking that can leave your PC open to prying eyes.

The future of security? Reputation.

What is the future for IT security? It is a great question. It is being raised on a regular basis, more often than not as a result of reports from all of us in the industry that we are finding more and more malware. We at Symantec have a definite view on this. It is clear that we need to bring to market new approaches and techniques if we are to continue to prevail. Blacklisting is still the common approach, but many would argue that its value is diminishing rapidly. White-listing is an alternative, but many practical issues follow as a result, and in the end it is a compromise.

We do have a vision of the ‘third way’ for security, and it is reputation-based security. We have been working away steadily and diligently on this for nearly three years now. We have arrived at a point now where we are prepared to talk about it and deploy it. It finds its public expression in a technology we call ‘Quorum’, and you can see it and use it. It forms a significant part of our forthcoming Norton 2010 release, which is in public BETA. It is an interesting and somewhat head-scratching topic to address. Fortunately, if you follow this link to the Norton Protection Blog, you can find a couple of posts and associated videos that do a fine job of explaining just how we at Symantec are going to go about doing our job of protecting you from this point onwards.

Guan yersel Glasgow!

This article from the BBC caught my attention – being Scottish and all that. It suggests that we Scots would cut back on eating, or holidays, rather than give up satellite TV or broadband access, according to OFCOM. I am aware that this opens up many opportunities to joke at the expense of my countrymen! Not only am I Scottish, I am a Glaswegian. The OFCOM report shows that the number of homes in Glasgow where people use a broadband internet connection is the lowest of any major UK city. This is both curious and worrisome. It begs the question that if Glaswegians are to continue their rich heritage of bringing learning, culture and innovation to the world at large, they need to get better connected to the ‘net.

For those of you who are interested, ‘Guan yersel’ is some Glasgow patter and it is our version of, ‘Go on yourself’. Now, all I need to do is tell my wife that the holiday is off!

The state of Spam and Phishing for July 2009

We have just released our latest State of Spam report and it shows that volumes averaged 89% of messages for July 2009. During the month, image spam continues to show a resurgence and to have an impact, reaching 17% of all spam during one point in July. Click here to download the report.

In addition we have also released our State of Phishing report. We saw a 52% increase in phishing attacks from the previous month. We continue to observe that the majority of the attacking URLs were generated using phishing toolkits, with a 150% increase from the previous month. Click here to download the report.