Tag Archives: scam

671 Percent Increase in Malicious Web Sites

Malicious websites grew 233% in the last six months and 671% in the last year, stares Websense Security Labs. This was partly because of the spread  Gumblar, Beladen and Nine Ball attacks which aimed to compromise trusted and known Web sites.

Web 2.0 sites are the worst effected target as 95% of blog comments, chat rooms and message boards are malicious.

“The last six months have shown that malicious hackers and fraudsters go where the people are on the Web” said Websense Chief Technology Officer Dan Hubbard “and have heightened their attacks on popular Web 2.0 sites.”

The top 100 most visited Web properties, which are “Social Networking” or “Search” sites states Websense.

77% of sites with malicious code are legitimate sites have been compromised by fraudsters exploiting the inherent trust in a business.

61 percent of the top 100 sites either hosted malicious content or contained a masked redirect to lure unsuspecting victims to malicious sites.

The term ”malicious” typically refers to links that have specific, hidden exploits that target a user’s computer.

The next million most visited sites are primarily current event and news sites and are more regionaland genre-focused.

37 percent of malicious Web attacks included data-stealing code, 57 percent of data-stealing attacks are conducted over the web in the first half of 2009.

85.6% of all unwanted emails contained links to spam and/or malicious Web sites and 57% of data-stealing attacks are conducted over the Web. In June virus infected emails rose 600% over May.

An analysis of Web, email and data security trends during the first half of 2009 are explored in the Websense Security Labs bi-annual “State of Internet Security” report.

Daily Websense® Security Labs™ Websense ThreatSeeker™ Network parses more than one billion pieces

of content and over 40 million websites hourly for malicious code and ten million emails. The Websense ThreatSeeker Network uses more than 50 million real-time data collecting systems.

YouTube and BlogSpot are 65 percent to 75 percent ineffective in protecting Web users from objectionable content and security risks. Hate or militant content on Facebook and other popular Web 2.0 sites like YouTube, Yahoo! Groups and Google Groups.

Cyber terrorism (militancy and extremists Web sites)  increased 326 percent increase in increased 326% from January through May 2009 over the same period in 2008.

Websense tracks about15,000 hate and militancy sites, with 1,000 added in he first six months of this year.

78 percent of new Web pages discovered in the first half of 2009 with objectionable content (e.g. Sex, Adult Content, Gambling, Drugs)  and  69 percent of all Web pages with any objectionable content link served malicious content.

Sex, advertisements, business and economy, IT, and travel made up the most commonly

compromised categories of Web content. 50 percent of Web pages with a link categorized as “Sex” also have at least one malicious link.

The three most popular topics for spam remained shopping (28 percent), cosmetics (18.4 percent) and

medical (11.9 percent.)  However, over the last six months, education accounted 9.5 percent of spam.

and could be attributed to the recession.

“Spammers have been targeting the unemployed who are looking to re-train or gain qualifications to help their job prospects” states Websense.

Advertisements

Cybercrime Hits Smaller Business

security1

Heartland Payment Systems, Radisson Hotels and Network Solutions have made news because of data breaches. In 2008 285 million records were compromised according to the 2009 Data Breach Investigations Report by the Verizon Business Investigative Response Team.

However, the Federal Deposit Insurance corporation (FDIC) reports that online crime is attacking small and medium sized businesses and fraudulently draining funds from their bank accounts.

In a recent podcast with Doug Johnson Senior Policy Analyst for the American Bankers Association noted that although it is hard “get a fix on the exact number” “law enforcement and institutions have really seen the exploit migrate from large businesses to small businesses”.

Smaller businesses may not be aware of this type of fraud or know how to protect themselves.

Johnson recommends authentication at the business customer level and educating customers about how to protect themselves.

“It starts very cagily by the fraudsters, mostly from Eastern Europe, doing some social intelligence associated with the business” said Johnson “ so they might know who the CFO is, or they might know who someone in HR is or what have you, or in IT.”

“Then they will send an email, which might be a Microsoft update for instance, or some other thing, which that particular individual would be aware of. The CFO might get something that purportedly is coming from the Better Business Bureau, for instance, things of that nature.”

In other words, an email that looks legitimate or expected may be a bait.

security-breach

Recently, the Rippoff Report pointed out that Two-thirds used the sender’s name to gauge whether a mail was spam, 45% looked at the subject line and 22% use “visual indicators.” About 3% relied on the time a message was sent to judge if it was legitimate.

As technology improves judging an email on visual clues can be problematic.  Businesses obviously need to avoid clicking links in these emails.

“I think that it is not unusual for business customers to in their busy day not even think about the emails that they are clicking on” he said.

Chris Novak, managing principal at Verizon Business Investigative Response Team describes online security as a “kind of cat and mouse game “ requiring vigilance over a continually evolving threat.

Mr Novak has investigated criminal and civil data breaches for over a decade.

“I think the biggest thing is the evolution of malware. We are seeing that the malware is getting more advanced, and the hackers — particularly the organized crime groups – they actually have development teams” he said.

“Some of the malware is purposely built just for one specific victim environment, and the hackers have the capability to do that.”

Novak expresses concern that people think there are just a few types of malware that viral protection can handle.

“Malware is evolving rapidly with added capabilities that may frighten some people he said.

“The key piece if really making sure that you stay up on the latest and greatest threat information to know what you need to do protect yourself.”

Fortunately the recent big name security breaches demonstrated that event monitoring and log analysis revealed what was happening in 82% of cases. To be effective this requires a combination of people, processes and technology.

Novak expressed concern that people have developed an over reliance on technology.

“The problem with a lot of that is, like most technology, it is pre-configured to understand certain things and detect certain threats, but for the most part it is based on what’s been programmed into and how it has been configured.”

“In a lot of cases, you need a backup to technology of those appliances with people resources that can look at it and kind of do sanity check on it and say ‘You know what, this doesn’t look right. Someone logged into their bank account 7000 times today, and that is probably a problem.’ Sometimes the technology picks up things like that, and sometimes it doesn’t.”

Data can be moved in and out of an environment so quickly, which is why monitoring is so important.

“The biggest breaches that we’ve ever investigated took place in 24-to-48 hours. That’s all the hacker needed, depending on how organized they were.”

Is Vinefire A Scam?

vinefire_charlie Chaplin

Vinefire claims to offer a referral benefit of $10 for every person you refer, 50% commission on their earnings and paid rewards of $.23for every link you click, $0.08 vote on and on every positive vote you receive for your own links you receive $0.02. On top of this you receive $0.90 for following the links of the sites major sponsors. [[Post addendum; Since writing this review, the three sponsor links previously found on the Vinefire homepage are no longer found.]]

Sounds to good to be true?

Well this is what Vinefire writes in its fine print:

Vinefire is currently in “beta” mode and is not yet sending payments. Your earnings will accumulate until we pay out. In fact, those earnings may go up or down based on the success of the Vinefire website. ….. Our ultimate goal is to have Vinefire get acquired by a much larger company and the payouts will come shortly after (and from the proceeds of) that sale. We expect that sale to happen within the next 6 to 8 months…but it could be even sooner.”

In other words you might get paid, if the site is bought out and the claimed earnings mean little. Nevertheless, Vinefire offers live embedded coding so you can advertise how much you have earned on your website.

Join Vinefire!

“Some active Vinefire members may receive a partial or full payment from their earnings balance before Vinefire is acquired” says Vinefire.

“We may be moving the first payout to June 1, 2009…based on certain conditions. More on that coming soon” wrote Vinefire in an email to its members.

Now there have been reports of some people being paid – however, these reports seem to be suspiciously hard to confirm. If true, they are not being advertised on Vinefire. A few pictures of paid member happy smiling faces would be good ad copy after all. A number of reviewers have even accused the site of manufacturing this as an advertising ploy. To be fair I have no proof these allegations are true and could simply be a product of the over imaginative minds of people trying to generate referrals. The referral link does not seem to have a unique member identifier so I cannot see how you can be paid for referrals anyway.

Either way, the World Law Direct Forum it has been suggested that the old Wealthtoolbox.com scam now redirects to Vinefire.com.

Some sites haveclaimed you can make $100, even $600 a day. However daily earnings are capped to $25 per day which suggests either dishonesty in company advetising or some thirsd parties, hoping to inflate potential referal incomes are overstating the facts.

So what about the free advertising? Certainly the concept of a rotating notice board for links that are voted on sounds good. Sadly, Vinefire has been used by people who use automatic site submitters – often advertised on Vinefire, to have multiple accounts. You can spot them a mile away when the same business is advertised about 10 times in a row with consecutive numbering after each different advertisement. Then there are the porn sites – now admittedly they seem to get voted down quickly, which brings me to another problem for a site promoting advertising.

(Post addendum: In July 2009 Vinefire added reCAPTCHA in the site posting protool which forces people to insert randomly selected text. This perhaps suggests that Vinefire is endeavouring to develop a serious web opportunity).

You can vote for a site without ever checking the link. Handy if like me you get annoyed with the massive auto-posting uploaded there and you don’t want to look at the same site 10 times over. Of course you can just ignore it – however you get ‘paid’ if you vote for a site. I know I sent test ads that were never checked but were voted as ‘good’ earning me 2 cents a time. They do have a policy against robotic posting. However, it does not seem to be working.

So what is my conclusion?

Well you might get one or two clicks to your web pages however, for the time you will spend trying to click up your daily $25 I suggest your chances of marketable success is at best 50/50 (and thats being hopeful). There is one thing in its favor – it can be addictive fun, so if you want to have a laugh, then join.

Why not?

However, if you’re after serious money though, perhaps you need to undertake a course in advertising copy.

Domain “Whois”

The Whois information for a website lists the owner and their contact information. The owner of “Vinefire” has purposely made their Whois information private. While not always a problem it make it hard to check the sites credentials and may mean they have something to hide.