Is connecting to the ‘net becoming faster?

Well, according to the latest report from Akamai, yes it is. In their latest State of the Internet report, they make the claim that the ‘net is getting faster. Looking at the third quarter of 2009, the report found that most countries in the top-10 list for Internet performance saw an average 18 percent increase in speed from the second quarter. South Korea topped the list, with a 29 percent jump in speed to 14.6 megabits per second, while Ireland came in second for most improved, with a 26 percent rise to 5.3Mbps.

This is all very encouraging, if you are in the top tier of countries. However, during the third quarter, 103 of the 226 countries measured had average connection speeds below 1 Mbps. The slowest connection speed? Well, the ignominy of that particular title goes to the island of Mayotte, located in the Indian Ocean, with an average connection speed of 43Kps; however, I am sure that, given its wonderful location, there are other merits.

Interestingly, the report is now going to turn its attention to mobile internet connection speeds. Akamai analysed the average connection speeds from three of the leading mobile providers within the United States. They observed speeds of circa 700 Kbps.  However, there seems to have been a lot of variability between the carriers and also in what city you are in. I am sure that this rings true with many of us.

A faster internet brings with it more users and also the ability to do more things online. It also provides more opportunity for the hackers and cyber-criminals. In a shift from prior quarters, Russia and Brazil unseated the United States and China as the two largest attack traffic sources. Cyber attacks are now a global phenomenon, with Akamai observing attack traffic originating from 207 unique countries. They also noted that they believe that the Conficker worm is still very active. During the third quarter, 78 percent of internet attacks observed by Akamai targeted port 445, up from 68 percent during the previous quarter. Port 445, which is used by Microsoft Directory Services, is the same port that Conficker targets, aiming to exploit a buffer overflow vulnerability in Windows and infect the targeted computer.

Guan yersel Glasgow!

This article from the BBC caught my attention – being Scottish and all that. It suggests that we Scots would cut back on eating, or holidays, rather than give up satellite TV or broadband access, according to OFCOM. I am aware that this opens up many opportunities to joke at the expense of my countrymen! Not only am I Scottish, I am a Glaswegian. The OFCOM report shows that the number of homes in Glasgow where people use a broadband internet connection is the lowest of any major UK city. This is both curious and worrisome. It begs the question that, if Glaswegians are to continue their rich heritage of bringing learning, culture and innovation to the world at large, they need to get better connected to the ‘net.

For those of you who are interested, ‘Guan yersel’ is some Glasgow patter and it is our version of, ‘Go on yourself’. Now, all I need to do is tell my wife that the holiday is off!

The Spy in your hand?

I came across an article in ‘Businessweek’ (June 15th, 2009) that caught my attention. Its theme was that a new generation of user-friendly spy-phone software has become widely available in the past year or so. They note that more than 200 companies are selling spyware online, at prices as low as $50. What really was interesting was the estimation that 3% of mobiles in France and Germany are ‘tapped’ and that this rises to 5% in countries such as Italy and Greece. Now, it has to be admitted that the source of this estimate was a private-investigation outfit in Italy. That being said, James Atkinson, a spy-phone expert at Granite Island Group, Massachusetts, puts the number of tapped phones at 3% in the US. I agree that all of this needs to be taken with a good pinch of salt; nonetheless it does get you thinking.

The current generation of spy-phone software has one major drawback, and that is that you need to have access to the phone you want to tap to load the software onto it. That being said, the Newsweek article goes on to outline that a new generation of mobile spyware that is being developed for law enforcement agencies will accompany a text message and automatically install itself on the target’s phone when the message is opened. The supposition being that the same technology could also make its way into the hands of criminals.

The article finishes off claiming that AV and security programs developed for computers require too much processing power, even for smartphones. At the end of the day, the spy-phone software is just software, just as is the security software that can detect it and mitigate the risk. So I do not sign up for their presumption that smartphones are exposed. We are seeing the evolution and deployment of security software for smartphones. There is a saying in our industry – ‘security through obscurity’. By and large, it can be seen to be a truism. At the moment, with smartphones this can also be seen. Given the number of mobile operating systems that are being used e.g. iPhone OS, Palm Web OS, Android, Windows Mobile, Symbian etc, it neatly segments the addressable market into smaller chunks that may diminish the attractiveness of any segment to the malware author. It may simply be a moment in time, but no doubt many would like it to hold for as long as possible. Thankfully, in terms of actual numbers, the volume of malware for smartphones and applications such as spy-phone software is dwarfed by that created for the PC. However, it is one area that needs to be taken seriously and a careful eye kept on it.

Underground, but not out-of-mind

Today, we published a report on the ‘Underground Economy’.  It has been picked up and reported widely in the Press. The Symantec Global Intelligence Network is at work, every second of every day, monitoring, detecting and determining just what is happening out there on the internet. The report that we have published is a global report, that delves deeper into the murky depths of cybercrime and shows criminals operating with such sophisticated business models that they come complete with professional job roles and advertising strategies.

What is clear is that the Underground economy is becoming more sophisticated. We are seeing both the selling of ill-gotten goods and requests for assistance e.g. ‘I need someone to write me a Trojan’, ‘I need a bot-herd’ etc.  If everything we detected was sold at the asking prices requested, then the total comes to $275M.  This is a large sum. Now, that being said, if you look at the amount of money traded through legitimate on-line resellers, then this runs to the many hundreds of billions of dollars. So, the ‘legitimate economy’ wins out against the ‘underground economy’. What this research reminds all of us, is that we do need to be careful. In taking some sensible and simple precautions we can ensure that our identities and finances do not come to be traded in the underground economy.  We have created a short video, the latest in our series of ‘guides to scary internet stuff’, specifically on the underground economy.

Research, such as this, helps Symantec. It provides us with an insight as to what the bad-guys are interested in, how they get it, what they do with it etc. In turn, that helps us focus our efforts in designing our security products to mitigate this. Additionally, it also reminds the bad-guys that they are being watched, tracked, and that they cannot count on having things all their own way.

Testing times!

I read, with some interest, that Trend have decided to withdraw from the Virus Bulletin 100 (VB-100) anti-virus test, here is the article. I also then had my attention drawn to the fact that Trend had failed the latest VB-100 tests: their performance on VB-100 has been somewhat ‘mixed’ of late. VB-100 tests aim to assess how security products fare in detecting a set of viruses in the WildList, an up-to-date list of malware samples known to be in circulation. It numbers circa 700 viruses. Trend stated that the test had become out-dated and no longer reflects the fast changing threats that security products need to counter day-to-day.

Now, Trend’s announcement further highlights the understood requirement within the security industry for new testing methodologies. We need approaches that will better reflect the complex and dynamic nature of the threats that anti-malware products are trying to counter. Notably, the Anti Malware Testing Standards Organisation (AMTSO) has been created to address this.

Whilst, we can all debate the relative merits of the current tests, Virus Bulletin themselves did comment that their test is not the only way to test anti-malware products, but products should be able to detect items in circulation. Furthermore, VB-100 is a measure of product competence and on-going reliability.

So, we all have to live in an ‘imperfect’ world of testing and expect better days ahead. I am hopeful that the AMTSO initiative will deliver. But I think it is much better to stay the course – rather than decide to wander off.

 

Would you credit it?

At Symantec we have our Global Intelligence Network. This comprises over 40K sensors, a couple of million decoy email addresses, and then 150 million or so Symantec end-points. It allows us to monitor what is happening on the internet, second-by-second. One facet of this is our monthly ‘State of Spam’ report that we publish.

Casting our minds back to June 2007, we reported that nearly 70% of all email sent was Spam. This was an alarming, and at the same time, interesting trend. One of the new tricks that helped fuel the increase was the use of so-called PDF-Spam. Here, the spammers had attached the spam message as a PDF file to help circumvent spam-filters. New countermeasures were brought into place and PDF spam came and went.

Well, here in June 2008, the amount of spam is an incredible 80% of all emails. What gives?

This is testament to the on-going determination and inventiveness of the spammers. Now, one thing I have noted in my own personal email account is the amount of ‘credit’ related emails that have flowed into my spam folder. They all follow a similar pattern: I have been ‘pre-cleared’ for a loan, or, ‘Get out of the red’ instant credit available to me. The further twist is that you get them in week 2 or 3 of the month, on the basis that is when we are getting low on cash and waiting for the next pay day. So, the spammers have piggy-backed on the back of the ‘credit-crunch’ and hence the continued and unparalleled levels. We see this constant ‘see-sawing’ from them using either technically or socially related means to keep pumping out the flood of spam.

Even the ‘credit crunch’ is old news now; we are seeing them switching to spams that focus on the fuel crises, with promises of discounted or free petrol, diesel, gas, electricity. For those of you who want to read the full ‘State of Spam’ report for June 2008, follow this link: http://www.symantec.com/business/theme.jsp?themeid=state_of_spam

When Malware becomes Crimeware

Now, without wanting to necessarily start an official book club – there are enough in the world without me getting into the act – I have had the opportunity in the past few weeks to read a couple of security focused books that I thought you may well be interested in and benefit from. They both focus on the evolution of ‘malware’ into ‘crimeware’. ‘Crimeware – understanding new attacks and defences’ is by Markus Jakobsson and Zulfikar Ramzan (www.informit.com/aw). It is very comprehensive in its scope and helps the expert, and not so expert, understand and prevent specific crimeware threats. What it does well is to explain how, from a technical standpoint, malware can be and is used for the purposes of crimeware. Zulfikar Ramzan is a colleague of mine here at Symantec and he has also roped in some other members of the team to help with some of the chapters.

‘Zero Day Threat’, by Byron Acohido and Jon Swartz (www.sterlingpublishing.com), provides a further insight into the developing world of crimeware. The authors are journalists with USA Today and they neatly manage to intertwine a narrative of a real-life ‘bust’ of an author of crimeware in Canada, whilst outlining the failures of Banks and Credit Bureaus to keep people safe from crimeware. It provides a good and thought-provoking overview of what is happening and potentially could happen, without descending into the realms of deep technical analysis.