Category Archives: Malware

671 Percent Increase in Malicious Web Sites

Malicious websites grew 233% in the last six months and 671% in the last year, states Websense Security Labs. This was partly because of the spread of the Gumblar, Beladen and Nine Ball attacks, which aimed to compromise trusted and well-known Web sites.

Web 2.0 sites are the worst affected target: 95% of user-generated comments on blogs, chat rooms and message boards are spam or malicious.

“The last six months have shown that malicious hackers and fraudsters go where the people are on the Web,” said Websense Chief Technology Officer Dan Hubbard, “and have heightened their attacks on popular Web 2.0 sites.”

The top 100 most visited Web properties are primarily “Social Networking” or “Search” sites, states Websense.

77% of sites hosting malicious code are legitimate sites that have been compromised by fraudsters exploiting the trust users place in an established business.

61 percent of the top 100 sites either hosted malicious content or contained a masked redirect to lure unsuspecting victims to malicious sites.

The term “malicious” typically refers to links that lead to specific, hidden exploits targeting a user’s computer.

The next million most visited sites are primarily current-event and news sites and are more regional and genre-focused.

37 percent of malicious Web attacks included data-stealing code, and 57 percent of data-stealing attacks were conducted over the Web in the first half of 2009.

85.6% of all unwanted emails contained links to spam and/or malicious Web sites. In June, virus-infected emails rose 600% over May.

An analysis of Web, email and data security trends during the first half of 2009 is explored in the Websense Security Labs bi-annual “State of Internet Security” report.

Every day the Websense® Security Labs™ ThreatSeeker™ Network parses more than one billion pieces of content and ten million emails, and scans over 40 million websites hourly for malicious code. The ThreatSeeker Network draws on more than 50 million real-time data-collecting systems.

Websense rates YouTube and BlogSpot as 65 to 75 percent ineffective in protecting Web users from objectionable content and security risks, and found hate or militant content on Facebook and other popular Web 2.0 sites such as YouTube, Yahoo! Groups and Google Groups.

Cyber terrorism (militancy and extremist Web sites) increased 326% from January through May 2009 over the same period in 2008.

Websense tracks about 15,000 hate and militancy sites, with 1,000 added in the first six months of this year.

Of the new Web pages with objectionable content (e.g. sex, adult content, gambling, drugs) discovered in the first half of 2009, 78 percent contained at least one malicious link, and 69 percent of all Web pages with any objectionable-content link served malicious content.

Sex, advertisements, business and economy, IT, and travel made up the most commonly compromised categories of Web content. 50 percent of Web pages with a link categorized as “Sex” also have at least one malicious link.

The three most popular topics for spam remained shopping (28 percent), cosmetics (18.4 percent) and medical (11.9 percent). However, over the last six months education accounted for 9.5 percent of spam, which could be attributed to the recession.

“Spammers have been targeting the unemployed who are looking to re-train or gain qualifications to help their job prospects,” states Websense.


Cybercrime Hits Smaller Business


Heartland Payment Systems, Radisson Hotels and Network Solutions have made news because of data breaches. In 2008, 285 million records were compromised, according to the 2009 Data Breach Investigations Report by the Verizon Business Investigative Response Team.

However, the Federal Deposit Insurance Corporation (FDIC) reports that online criminals are now targeting small and medium-sized businesses and fraudulently draining funds from their bank accounts.

In a recent podcast, Doug Johnson, Senior Policy Analyst for the American Bankers Association, noted that although it is hard to “get a fix on the exact number”, “law enforcement and institutions have really seen the exploit migrate from large businesses to small businesses”.

Smaller businesses may not be aware of this type of fraud or know how to protect themselves.

Johnson recommends authentication at the business customer level and educating customers about how to protect themselves.

“It starts very cagily by the fraudsters, mostly from Eastern Europe, doing some social intelligence associated with the business,” said Johnson, “so they might know who the CFO is, or they might know who someone in HR is or what have you, or in IT.”

“Then they will send an email, which might be a Microsoft update for instance, or some other thing, which that particular individual would be aware of. The CFO might get something that purportedly is coming from the Better Business Bureau, for instance, things of that nature.”

In other words, an email that looks legitimate or expected may be bait.


Recently, the Rippoff Report pointed out that two-thirds of users relied on the sender’s name to judge whether a mail was spam, 45% looked at the subject line and 22% used “visual indicators”. About 3% relied on the time a message was sent to judge whether it was legitimate.

As the fraudsters’ tooling improves, judging an email on visual cues such as the sender’s name becomes unreliable; the display name is whatever the sender chooses to put there. Businesses obviously need to avoid clicking links in these emails.
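To show why the sender’s name is such a weak signal, here is an added example (not code from the original post or from any of the organisations quoted) that scores a raw message on the headers that are harder to fake: the address behind the display name, the envelope sender (Return-Path), the Reply-To, and the receiving gateway’s own SPF/DKIM verdict. The two messages, their domains and the matching rule are constructed for the illustration and are assumptions, not a published standard.

```python
"""Header checks that go beyond the sender's display name.

Added example; not code from the original post or from the ABA.
The sample messages are constructed, and the rules are illustrative.
"""
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: the display name claims the Better Business Bureau,
# but the real address, Return-Path and authentication results disagree.
SUSPICIOUS_MAIL = """\
Return-Path: <bounce-4421@mailer.example.net>
Authentication-Results: mx.example.com; spf=softfail smtp.mailfrom=mailer.example.net; dkim=none
From: "Better Business Bureau" <complaints@bbb-alerts.example.net>
Reply-To: <support@bbb-alerts.example.net>
To: cfo@example.com
Subject: Complaint filed against your company

Please review the complaint at http://bbb-alerts.example.net/case/4421
"""

# Constructed sample: an internal message where everything lines up.
CLEAN_MAIL = """\
Return-Path: <helpdesk@example.com>
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com
From: "Example Corp Helpdesk" <helpdesk@example.com>
To: cfo@example.com
Subject: Scheduled maintenance on Saturday

No action is required from you.
"""


def domain_of(addr: str) -> str:
    """Return the lowercase domain part of an address, or '' if there is none."""
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def check_sender(raw: str) -> list:
    """Return a list of findings about the sender headers of one raw message.

    An empty list means nothing looked wrong. Each finding is a short string
    suitable for a mail-gateway log or a quarantine reason.
    """
    msg = message_from_string(raw)
    findings = []

    display_name, from_addr = parseaddr(msg.get("From", ""))
    from_domain = domain_of(from_addr)

    # 1. Display name names an organisation that does not appear anywhere in
    #    the sending domain: the "trusted name" trick described in the post.
    words = [w for w in re.findall(r"[a-z]+", display_name.lower()) if len(w) > 2]
    if words and not any(w in from_domain for w in words):
        findings.append(f"display name '{display_name}' does not match sender domain '{from_domain}'")

    # 2. Envelope sender (Return-Path) in a different domain from the From header.
    _, return_path = parseaddr(msg.get("Return-Path", ""))
    if return_path and domain_of(return_path) != from_domain:
        findings.append(f"Return-Path domain '{domain_of(return_path)}' differs from From domain '{from_domain}'")

    # 3. Reply-To steering replies somewhere other than the From domain.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and domain_of(reply_to) != from_domain:
        findings.append(f"Reply-To domain '{domain_of(reply_to)}' differs from From domain '{from_domain}'")

    # 4. Authentication-Results written by our own gateway: require SPF and DKIM pass.
    auth = msg.get("Authentication-Results", "").lower()
    for mech in ("spf", "dkim"):
        if f"{mech}=pass" not in auth:
            findings.append(f"{mech} did not pass (Authentication-Results: {auth or 'absent'})")

    return findings


if __name__ == "__main__":
    for label, raw in (("suspicious", SUSPICIOUS_MAIL), ("clean", CLEAN_MAIL)):
        print(label, check_sender(raw) or ["no findings"])
```

Only trust an Authentication-Results header that your own gateway added; a sender can include a forged one, so a real deployment strips any copy that arrives from outside before applying rule 4.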

“I think that it is not unusual for business customers to, in their busy day, not even think about the emails that they are clicking on,” he said.

Chris Novak, managing principal at the Verizon Business Investigative Response Team, describes online security as a “kind of cat and mouse game” requiring vigilance over a continually evolving threat.

Mr Novak has investigated criminal and civil data breaches for over a decade.

“I think the biggest thing is the evolution of malware. We are seeing that the malware is getting more advanced, and the hackers — particularly the organized crime groups – they actually have development teams,” he said.

“Some of the malware is purposely built just for one specific victim environment, and the hackers have the capability to do that.”

Novak is concerned that people believe there are only a few types of malware and that antivirus protection can handle them.

Malware is evolving rapidly, with added capabilities that may frighten some people, he said.

“The key piece is really making sure that you stay up on the latest and greatest threat information to know what you need to do to protect yourself.”

Fortunately, the recent big-name security breaches also demonstrated that event monitoring and log analysis would have revealed what was happening in 82% of cases. To be effective this requires a combination of people, processes and technology.

Novak expressed concern that people have developed an over-reliance on technology.

“The problem with a lot of that is, like most technology, it is pre-configured to understand certain things and detect certain threats, but for the most part it is based on what’s been programmed into it and how it has been configured.”

“In a lot of cases, you need a backup to the technology of those appliances with people resources that can look at it and kind of do a sanity check on it and say ‘You know what, this doesn’t look right. Someone logged into their bank account 7000 times today, and that is probably a problem.’ Sometimes the technology picks up things like that, and sometimes it doesn’t.”

Data can be moved in and out of an environment very quickly, which is why continuous monitoring matters more than an after-the-fact review.
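Novak’s “7000 logins in a day” is the kind of thing a simple baseline catches. As an added example (not code from Verizon Business or the original post), the script below reads authentication log lines, builds a per-account daily login count, and flags any day that is far above that account’s median on its other days. The log format, the multiplier and the absolute floor are assumptions chosen for the illustration; the log itself is generated so the example runs offline.

```python
"""Sanity check over authentication logs: a per-account login-volume baseline.

Added example, not Verizon's or the original post's code. The log format
and thresholds are assumptions for illustration.
"""
import re
from collections import Counter, defaultdict
from statistics import median

LINE = re.compile(
    r"^(?P<day>\d{4}-\d{2}-\d{2})T\S+ login user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>\w+)$"
)

# Assumed policy: flag a day when an account logs in more than FACTOR times
# its median daily count on its other days, and at least ABS_MIN times.
FACTOR = 10
ABS_MIN = 50


def parse(lines):
    """Group successful logins by (user, day); return counts and distinct source IPs."""
    counts = Counter()
    sources = defaultdict(set)
    for line in lines:
        m = LINE.match(line.strip())
        if not m or m["result"] != "success":
            continue  # unparseable lines and failed attempts are out of scope here
        key = (m["user"], m["day"])
        counts[key] += 1
        sources[key].add(m["src"])
    return counts, sources


def find_anomalies(lines):
    """Return [(user, day, count, baseline, distinct_ips)] for days breaching the policy."""
    counts, sources = parse(lines)
    per_user = defaultdict(dict)
    for (user, day), n in counts.items():
        per_user[user][day] = n
    findings = []
    for user, days in per_user.items():
        for day, n in sorted(days.items()):
            others = [v for d, v in days.items() if d != day]
            baseline = median(others) if others else 0
            if n >= ABS_MIN and n > FACTOR * max(baseline, 1):
                findings.append((user, day, n, baseline, len(sources[(user, day)])))
    return findings


def constructed_log():
    """Build a synthetic log: a CFO's quiet week, then one day of 7,000 logins."""
    lines = []
    for d in range(1, 6):  # five quiet days with two or three logins each
        for i in range(2 + d % 2):
            lines.append(f"2009-09-0{d}T09:{i:02d}:00Z login user=cfo src=198.51.100.10 result=success")
    for i in range(7000):  # the "logged in 7000 times today" day, spread over 40 IPs
        ts = f"{i // 300:02d}:{(i // 5) % 60:02d}:{i % 60:02d}"
        lines.append(f"2009-09-06T{ts}Z login user=cfo src=203.0.113.{i % 40} result=success")
    lines.append("2009-09-06T10:00:00Z login user=cfo src=203.0.113.1 result=failure")
    lines.append("2009-09-06T10:01:00Z login user=clerk src=198.51.100.11 result=success")
    return lines


if __name__ == "__main__":
    for user, day, n, base, ips in find_anomalies(constructed_log()):
        print(f"{day} {user}: {n} logins (baseline {base}) from {ips} source IPs")
```

The median, rather than the mean, is used for the baseline so that the anomalous day does not inflate its own reference point; the absolute floor stops an account that normally logs in once from being flagged on a day with three logins.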

“The biggest breaches that we’ve ever investigated took place in 24-to-48 hours. That’s all the hacker needed, depending on how organized they were.”

Spam Alert


“Even in challenging economic times, spammers continue to plague businesses with unprecedented levels of unsolicited mail and push them to spend valuable bandwidth and resources on dealing with spam,” said Paul Wood, MessageLabs Intelligence Senior Analyst at Symantec.

“For Australian businesses, more than ninety percent of all emails are now unwanted, however as email is the prime communication channel for businesses today, keeping email secure and functional is critical to business success.”

In the Sydney suburb of Auburn, spam levels reached 94.1%, making it Australia’s most spammed suburb.

In Australia, the most spammed areas have a higher density of small-to-medium-sized businesses. The least affected areas are home to the largest companies.

Worldwide, Sophos discovers 23,500 newly infected webpages every day. That is one every 3.6 seconds, four times the 2007 rate.

“15 new bogus anti-virus vendor websites are discovered every day,” states Sophos. “This number has tripled, up from an average of five detected per day during 2008.”

“Financially motivated cybercriminals are turning their attention to Web 2.0 platforms such as Facebook and Twitter and alternative programs and tools such as Adobe Flash and PDFs.”

Between four million and six million computers worldwide have been compromised without the user’s knowledge, states MessageLabs Intelligence.

“These computers now form robotic networks – botnets, which are controlled by cybercriminals and used to send out more than 87% of all unsolicited mail, equating to approximately 151 billion emails a day.”

MessageLabs puts the business email spam rate at 89.7%. For September, the global spam rate was 86.4% and Australia’s was 90.7%.

“Spammers have preferred professions, with the Engineering and Education sectors being top targets globally with spam levels reaching more than 93%,” states MessageLabs Intelligence.

In Australia, Healthcare has a 93.5% spam rate, Wholesale 92.1%, Minerals/Fuel 91.0% and Professional Services 90.9%.

The same communication and information-gathering technology that helps businesses also gives attackers new opportunities to reach them.

Sophos receives 40,000 unique suspicious files every day (28 unique files every minute, 24 hours a day). One independent testing agency currently counts over 22.5 million unique samples of malware in its collection, compared to 12.3 million in June 2008, so the scale of the problem has almost doubled in a year.


The importance of good email security is highlighted by the spread of botnet infections.

“Botnets are now responsible for distributing 87.9% of all spam,” states MessageLabs Intelligence.

“Approximately 151 billion unsolicited messages each day are distributed by compromised computers.”

MessageLabs lists a number of ISPs that were closed for hosting botnet activity: on September 20, 2008, Intercage (California), followed shortly after by McColo (California). After that, “spam originating from Srizbi, Rustock and Mega-D all took a nosedive. Until then, Srizbi had been responsible for as much as 50% of all global spam.”

Following the demise of these ISPs in 2008, further takedowns followed in 2009: Pricewert in the U.S. in June, and Real Host in Latvia on August 1, 2009.

The takedown of Real Host saw spam levels temporarily drop by 38%, according to MessageLabs.

“Real Host was believed to have hosted the command-and-control centres of the Cutwail botnet (also known as Pandex or Pushdo), which is responsible for about 15 to 20 per cent of the spam sent out worldwide,” states Virus Bulletin.

“Typically websites whose sole purpose is to distribute malware are reached through redirection scripts and links from other legitimate websites, such as links posted on social networking websites, malicious or compromised banner advertising, hyperlinks posted in spam emails and hyperlinks shared over instant messaging traffic,” states MessageLabs.

“The typical profile of these sites indicates that they have been registered up to three months before first being blocked for hosting malicious content.” It is no surprise that Google ranks domains registered for more than a year more favourably.

“A relatively large proportion of them (approximately 29%) are taken down after just one day; 40% are removed within two days; and 65% within one week. Generally, 90% of “young” malicious domains are taken down within 38 days.”

To get more out of these short-lived sites, spammers have also turned to URL-shortening services, which hide the destination domain; spam carrying shortened links now accounts for more than 9% of all spam.

However, MessageLabs Intelligence states, “80 percent of domains being blocked as malicious for serving up malware are in fact compromised, legitimate websites”. Taking down a young, obviously malicious domain is relatively easy, so it is clear why a spammer would rather compromise an established site with a reputation to borrow.

How To Stop Spam?

Protect your email address – Be careful where you use your primary email address on the net.

Watch out for the checkboxes – opt out of being contacted by third parties, as you don’t know who will end up with your email address.

Don’t use the reply, remove or forward options – Using these features tells a spammer you are real and validates your email address.

Use an unusual name – An email address that includes numbers is less likely to receive spam.

“Spammers often use directories of common names to guess email addresses” states MessageLabs.

Avoid clicking on any links in spam messages – link addresses are frequently disguised and serve to confirm to the spammer that your address is live. This includes “unsubscribe” links.

Avoid downloading pictures in spam email – even in the preview pane, remotely loaded pictures can identify you as a live recipient. Block images, or view emails in text format.

Use a Good spam filter – Stop it from getting into your inbox in the first place.

According to the Virus Bulletin report released September 21, Alwil’s avast!, BitDefender, ESET’s NOD32, F-Secure, G DATA, MicroWorld’s eScan and Symantec’s Norton were top achievers at detecting malicious samples, earning the highest rating of ‘Advanced+’.

Products were tested against two sets of malicious samples, one representing the last seven months and the other the preceding twelve months, with results balanced against false positives.

Ranking highly in the ‘Advanced’ classification were AVG, Avira, Kaspersky, McAfee and Trustport. Avira, McAfee and Trustport had high detection rates but ranked lower because of false alarms.

Microsoft’s solution was rated ‘Standard’, while Kingsoft, Norman and Sophos ranked only ‘Tested’; Sophos scored low because of a relatively high false positive rate, stated Virus Bulletin.

Malware and Phishing Scams Increase


“Beware: cybercriminals are not going to stop looking for ways to enhance their e-threats.” – Vlad Vâlceanu

Spam is increasing, and it is intended to lure you into visiting a Web site, downloading spyware or adware, or worse.

What have been the big problems in 2009?


“Malware writing is becoming increasingly more professional – shaped after corporate models,” states security software developer BitDefender®.

A sharp rise in HTML newsletter-impersonating spam and Web 2.0 phishing attempts occurred between January and June 2009, stated BitDefender®.

Malware infects computers in order to obtain direct financial gain and/or to seize control of the machine.

Trojan-type infections accounted for 83 percent of malware, and that share is rising, states BitDefender®.

However, the Downadup Internet worm caused the most damage to users, infecting a record estimated 11 million computers worldwide. Downadup remains a threat, as it continues to try to spread through file shares on a network.

“The Internet is one of the most important communications vehicles – used for business, schooling and leisure” said Vlad Vâlceanu, head of BitDefender® Antispam Research Lab.

“It has also become a channel for criminals to gain access to a vast number of computer systems, financial data and information” he said.

Cybercriminals are becoming increasingly sophisticated, and it is essential that computer users have security software in place.

The nations most affected by malware were China, France, the United States, Romania, Spain and Australia, states BitDefender®.


Image Based Spam

Text-based spam accounted for 80 percent of spam this year compared to 70 percent for the same period in 2008, said BitDefender®.

“Image spam increased 150 percent since the first half of 2008”

In HTML newsletter-impersonating spam, remotely loaded images mimicking a reputable firm’s branding are included to trick users into enabling images that the email client has blocked.

“The use of images in those phishing exploits is so correct and accurate that the user doesn’t realize when [is not from] an eBay or Citibank or whatever,” said Scott Petry founder of messaging management vendor Postini.

“On days when image spam is spreading at its peak capacity, the global bandwidth and storage consumed by spam grows by more than 70%” states email security vendor Commtouch Software.  

“The average image spam message is 19 KB, more than three times the size of a standard spam message” states vendor Commtouch.

The “vast majority” of image spam is used in stock-scam messages, states Dmitri Alperovitch of CipherTrust.

Pink-sheet stocks are publicized to raise their value, and the spammer then sells the stock for a profit (a classic pump-and-dump).

“Companies should carefully monitor the volume of incoming messages with image attachments,” said Scott Petry of Postini.

“You don’t want those messages to undermine the availability of data in your enterprise,” he said.

“If a significant portion of those messages aren’t being blocked, it may be wise to restrict the delivery of certain image-based messages.”

“It might mean some grumpy users, but at least the mail server will remain up and running” said Petry.
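Petry’s advice amounts to two measurements and a switch: how image-heavy each message is, and what share of the inbound stream is image-heavy at the moment. As an added example (not Postini’s, Commtouch’s or the original post’s code), the following gateway-side policy parses MIME messages, treats a message as image-dominated when decoded image parts make up most of its bytes, and defers image-dominated messages only while they exceed a share of the batch, so a normal day’s mail with a logo attached is untouched. Both thresholds and the sample messages are constructed for the illustration.

```python
"""Gateway policy for image-heavy mail, in the spirit of Petry's advice.

Added example; not Postini's or Commtouch's code. Thresholds are assumed.
"""
from email import message_from_bytes
from email.message import EmailMessage

# Assumed policy: a message is "image-dominated" when its decoded image parts
# exceed IMAGE_SHARE of the raw message size; when more than FLOOD_SHARE of an
# inbound batch is image-dominated, those messages are deferred, not delivered.
IMAGE_SHARE = 0.6
FLOOD_SHARE = 0.3


def image_ratio(raw: bytes):
    """Return (total_bytes, decoded_image_bytes, image_part_count) for one message."""
    msg = message_from_bytes(raw)
    image_bytes = 0
    image_parts = 0
    for part in msg.walk():
        if part.get_content_maintype() == "image":
            image_parts += 1
            image_bytes += len(part.get_payload(decode=True) or b"")
    return len(raw), image_bytes, image_parts


def is_image_dominated(raw: bytes) -> bool:
    """True when the message carries images and they dominate its size."""
    total, images, parts = image_ratio(raw)
    return parts > 0 and images / total > IMAGE_SHARE


def batch_decision(batch):
    """Return a 'deliver' / 'defer' decision per message in the batch.

    Image-dominated messages are deferred only during a flood, i.e. when they
    make up more than FLOOD_SHARE of the batch; otherwise everything flows.
    """
    flags = [is_image_dominated(raw) for raw in batch]
    flooding = bool(batch) and sum(flags) / len(batch) > FLOOD_SHARE
    return ["defer" if (flooding and f) else "deliver" for f in flags]


def build(text: str, image_size: int = 0) -> bytes:
    """Construct a sample message; image_size > 0 adds a GIF-typed attachment of that size.

    The attachment payload is dummy bytes, so this stands in for a real image only.
    """
    m = EmailMessage()
    m["From"] = "sender@example.net"
    m["To"] = "user@example.com"
    m["Subject"] = "sample"
    m.set_content(text)
    if image_size:
        m.add_attachment(b"\x00" * image_size, maintype="image", subtype="gif", filename="x.gif")
    return m.as_bytes()


if __name__ == "__main__":
    # Constructed batch: seven 18 KB image spams (Commtouch's ~19 KB figure) and three plain mails.
    heavy = build("Buy now", 18000)
    plain = build("Quarterly figures attached; the numbers are in the body.")
    for raw, decision in zip([heavy] * 7 + [plain] * 3, batch_decision([heavy] * 7 + [plain] * 3)):
        print(decision, image_ratio(raw))
```

Deferring (a temporary 4xx at SMTP time) rather than rejecting is the usual compromise: legitimate senders retry once the flood subsides, while bulk spam tooling typically does not.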

Web 2.0 phishing

Phishing messages accounted for 7 percent of spam in the first half of 2009, states BitDefender®. The United States, Canada, the United Kingdom and Russia were most affected.

Most web 2.0 phishing exploited user naivety.

In the Twitter Porn Name scam, users were invited to reveal their first pet’s name and the first street they lived on. These are often the answers to website security questions.

With a person’s username and these “clues”, the criminal can reset the password, then use the account to send spam or access transactions. They may also demand a ransom for release of the hijacked account.

Phishing messages commonly impersonate Bank of America, PayPal or Abbey.

Over 55,000 users fall victim to phishing scams each month, said BitDefender; a total of 330,000 users were affected in the first six months of 2009.

“Unlike malware, phishing and spam are universal e-threats – they work on any computer, regardless of its operating system and security patches,” states Vâlceanu.