Tag Archives: bots

671 Percent Increase in Malicious Web Sites

Malicious websites grew 233% in the last six months and 671% in the last year, states Websense Security Labs. This was partly because of the spread of the Gumblar, Beladen and Nine Ball attacks, which aimed to compromise trusted and known Web sites.

Web 2.0 sites are the worst-affected targets, as 95% of blog comments, chat rooms and message boards are malicious.

“The last six months have shown that malicious hackers and fraudsters go where the people are on the Web,” said Websense Chief Technology Officer Dan Hubbard, “and have heightened their attacks on popular Web 2.0 sites.”

The top 100 most visited Web properties are “Social Networking” or “Search” sites, states Websense.

77% of sites with malicious code are legitimate sites that have been compromised by fraudsters exploiting the inherent trust in a business.

61 percent of the top 100 sites either hosted malicious content or contained a masked redirect to lure unsuspecting victims to malicious sites.

The term “malicious” typically refers to links that have specific, hidden exploits that target a user’s computer.

The next million most visited sites are primarily current event and news sites and are more regional and genre-focused.

37 percent of malicious Web attacks included data-stealing code, and 57 percent of data-stealing attacks were conducted over the Web in the first half of 2009.

85.6% of all unwanted emails contained links to spam and/or malicious Web sites, and 57% of data-stealing attacks are conducted over the Web. In June, virus-infected emails rose 600% over May.

Web, email and data security trends during the first half of 2009 are explored in the Websense Security Labs bi-annual “State of Internet Security” report.

The Websense® Security Labs™ ThreatSeeker™ Network parses more than one billion pieces of content daily, scanning over 40 million websites hourly for malicious code, as well as ten million emails. The Websense ThreatSeeker Network uses more than 50 million real-time data collecting systems.

YouTube and BlogSpot are 65 percent to 75 percent ineffective in protecting Web users from objectionable content and security risks. Hate or militant content on Facebook and other popular Web 2.0 sites like YouTube, Yahoo! Groups and Google Groups.

Cyber terrorism (militancy and extremist Web sites) increased 326 percent from January through May 2009 over the same period in 2008.

Websense tracks about 15,000 hate and militancy sites, with 1,000 added in the first six months of this year.

78 percent of new Web pages discovered in the first half of 2009 with objectionable content (e.g. Sex, Adult Content, Gambling, Drugs) and 69 percent of all Web pages with any objectionable content link served malicious content.

Sex, advertisements, business and economy, IT, and travel made up the most commonly compromised categories of Web content. 50 percent of Web pages with a link categorized as “Sex” also have at least one malicious link.

The three most popular topics for spam remained shopping (28 percent), cosmetics (18.4 percent) and medical (11.9 percent). However, over the last six months, education accounted for 9.5 percent of spam, which could be attributed to the recession.

“Spammers have been targeting the unemployed who are looking to re-train or gain qualifications to help their job prospects” states Websense.

Malware Pandemic

A record five million new malware threats were detected in the third quarter of 2009, according to the cloud security firm Panda Security.
Trojans accounted for 71 percent of all new malware between July and September 2009. Adware (13 percent) and spyware (9 percent) have also all increased, while traditional viruses and worms have decreased to 2 percent of the total.

Sadly, the weak link is still the individual user who fails to apply basic net safety rules or common sense when an impressive-sounding phishing scam asks for bank details.

PandaLabs has recorded five million new strains of malware. Most of these were banker Trojans, although adware and spyware have also increased.

“Spyware has increased for the first time this year, rising from 6.90% to 9.16%. Adware however has decreased slightly from 16.37% to 13.13%, yet it was still the second most detected malware category this year,” according to the quarterly report.

“We currently receive approximately 50,000 new samples of malware every day, compared to 37,000 just a few months ago. There is no reason to believe that the situation will improve in the coming months,” explains Luis Corrons, Technical Director of PandaLabs.

There has been a marked increase in malware distributed through spam, social networks and search engine optimization techniques, which draw users to spoof Web pages where malware is downloaded. These exploit topical issues like swine flu, Independence Day, forest fires or Presidential speeches by Barack Obama.

“There is a false sense of security, as users perceive there to be no real danger at the moment. When their computers get infected, they rarely notice any symptoms,” said Luis Corrons, Technical Director of PandaLabs. According to Panda, U.S. computers are infected by the most dangerous malware strains: Trojans, followed by adware, worms and viruses.

“This is a clear sign that hackers are becoming more and more sophisticated,” said Corrons.

“Cybercriminals have found new ways to spread their creations, frequently exploiting the latest news stories to launch attacks through social networks, videos, and email. The huge amount of Trojans in circulation is due to the spectacular increase in the number of banker Trojans aimed at stealing user data.”

The global infection rate on computers rose to 59%, states Panda Security. Taiwan has the most infected PCs, with a 69.10 percent corruption, followed by Russia and China at 67.99 percent and 61.97 percent, respectively. U.S. ranks ninth with an infection ratio of 58.25. The country with the least infections is Norway at 39.60 percent.

Why Does Spam Work?

The cost of spam

Spam works because about one out of six people respond to messages they suspect are spam, according to survey data from the Messaging Anti-Abuse Working Group (MAAWG), an anti-spam trade organization.

Although about 17% admitted it was a mistake, curiosity seems to play into the hands of spammers. Twelve percent were interested in the product or service, and 13% don’t know why they acted on the message. Six percent “wanted to see what would happen.”

In the survey of 800 people in the U.S. and Canada who admitted they were not ‘internet experts’, about 80 percent of users doubted their computers were at risk of ever being infected with a “bot.” This is alarming, as covertly planted viruses capable of sending spam are responsible for generating much of today’s illegitimate email.

The problem is not limited to email spam. In a recent banking phishing spam attacking LibertyBank, an automated phone message claimed, “Your card has been suspended because we believe it was accessed by a third party. Please press 1 now to be transferred to our security department.”

Customers who pressed “1” were asked to enter their credit/debit card number and personal identification number. Sadly, people fell for it.

“Spamming has morphed from an isolated hacker playing with some code into a well-developed underground economy that feeds off reputable users’ machines to avoid detection” said MAAWG Chair Michael O’Reirdan.

“Consumers shouldn’t be afraid to use email, but they need to be computer smart and learn how to avoid these problems.”

“Bots, or malware running on users’ computers without their knowledge, are responsible for generating up to 90 percent of spam and can also be used to steal personal information or take part in DDOS (distributed denial of service) attacks,” states MAAWG. cmsconnect.com estimates the lost time to be nearly 50 hours per employee and almost $1000 per person per year.

Spam is now a major bandwidth-gobbling headache for service providers, with the growing problem of bot infestations contributing to spam, identity theft and online fraud.

No longer is a spammer the seedy, lone, money-grabbing sneak hiding in the attic. In 2007 “a flood of junk messages was thrown at the e-mail server of the [Estonian] Parliament, shutting it down.” This is why a CMS white paper recommended country of origin email filtering to reduce spam by 50-80%.

As spammers use automated systems to constantly collect email addresses, 24 hours a day and 365 days a year, it sometimes seems you are doomed to receive a pile of email, 95% promoting MLM and the rest suggesting you have such a low IQ that you will give your bank details to a nonentity at the North Pole.

“Spam is also getting globalised as Brazil, Russia, India and China are among the biggest emerging broadband markets worldwide and as such offer a tremendous opportunity for cybercrime,” states Emirates Business 24/7.

Most users are familiar with general email-based threats but are not necessarily proactively protecting themselves sufficiently.

How will we stop spam when we are such easy targets? Some 12% of those who claimed they were “very” or “somewhat” experienced with Internet security opened spam before deleting it, while 11% of those who called themselves inexperienced also opened spam.

Two-thirds used the sender’s name to gauge whether a mail was spam, 45% looked at the subject line and 22% used “visual indicators.” About 3% relied on the time a message was sent to judge if it was legitimate.

About two-thirds considered themselves “very” or “somewhat” knowledgeable in Internet security. While most consumers use anti-virus software and over half said they never click on suspected spam, the survey also found that 21 percent take no preventative anti-spam measures.

Yet, 12% of respondents who indicated they were “very” or “somewhat” experienced with Internet security opened spam before deleting it, compared with only 11% of respondents who called themselves inexperienced who did the same.

63 percent would allow their network operator or anti-virus vendor to remotely access their computer to remove detected bots.

Industry analyst Ferris Research, Inc., suggested network operators offer remote bot mitigation capabilities to differentiate their services from competitors. They also suggest refining spam filters based on the specific patterns revealed by the study.

For example, the MAAWG survey found that users between the ages of 24 and 44 are more likely to use email for banking and bill statements, so industry vendors might focus on preventing phishing spam for these consumers.

To combat bot infestations, MAAWG has released a series of strategies used by some of the largest ISP network operators: Common Best Practices for Mitigating Large Scale Bot Infections in Residential Networks (Version 1.0).

The report recommends:

  • While protecting users’ privacy, network operators can use tools to detect infected end-user computers, including DNS, scanning the IP space to identify vulnerable computers, and collecting IP traffic information for known command and control addresses.
  • Email, phone calls to customers, postal mail and walled gardens are common notification tools. In-browser messages are considered to be among the most effective methods to alert customers but also can be technically challenging to implement.
  • ISPs need to maintain a well-publicized security portal that includes directions for end-user bot removal.
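
The first recommendation, detecting infected subscribers from DNS and IP traffic data for known command and control addresses, can be sketched as follows. This is an added example, not taken from the MAAWG document; the indicator feeds, log formats and the `min_hits` threshold are assumptions, and all sample data is constructed.

```python
from collections import defaultdict

# Constructed indicator feeds (documentation IP ranges and reserved TLDs only).
C2_IPS = {"203.0.113.10", "203.0.113.77"}
C2_DOMAINS = {"c2.botnet.example", "update.badhost.invalid"}

# Constructed logs. DNS: (timestamp, subscriber_ip, queried_name).
# Flows: (timestamp, subscriber_ip, dst_ip, dst_port).
DNS_LOG = [
    ("2009-07-01T10:00:01", "10.0.0.5", "www.example.org"),
    ("2009-07-01T10:00:07", "10.0.0.5", "C2.Botnet.Example."),
    ("2009-07-01T10:05:07", "10.0.0.5", "c2.botnet.example"),
    ("2009-07-01T10:01:00", "10.0.0.9", "mail.example.net"),
]
FLOW_LOG = [
    ("2009-07-01T10:00:08", "10.0.0.5", "203.0.113.10", 6667),
    ("2009-07-01T10:02:00", "10.0.0.9", "198.51.100.20", 443),
    ("2009-07-01T10:03:00", "10.0.0.7", "203.0.113.77", 80),
]

def normalize(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.rstrip(".").lower()

def is_c2_domain(name):
    """True for a listed domain or any subdomain of it (label-aligned match)."""
    labels = normalize(name).split(".")
    return any(".".join(labels[i:]) in C2_DOMAINS for i in range(len(labels)))

def find_suspected_bots(dns_log, flow_log, min_hits=2):
    """Return {subscriber_ip: [evidence]} for subscribers with >= min_hits matches.

    Only records that match an indicator are retained, so non-matching
    subscriber traffic is never stored as evidence.
    """
    evidence = defaultdict(list)
    for ts, sub, qname in dns_log:
        if is_c2_domain(qname):
            evidence[sub].append((ts, "dns", normalize(qname)))
    for ts, sub, dst, port in flow_log:
        if dst in C2_IPS:
            evidence[sub].append((ts, "flow", f"{dst}:{port}"))
    return {s: sorted(h) for s, h in evidence.items() if len(h) >= min_hits}

if __name__ == "__main__":
    for sub, hits in find_suspected_bots(DNS_LOG, FLOW_LOG).items():
        print(sub, hits)
```

Requiring more than one match before notifying a customer reduces false alarms from a single stale indicator; the retained evidence list is what a notification or walled-garden page would cite.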

“Bots are a global affliction and these best practices are an important step in educating the industry on the appropriate processes to help protect consumers,” said Michael O’Reirdan.

“We’re sharing the experiences of our global membership so that network operators everywhere can more aggressively tackle this problem.”