SPAMfighter News

Phishing and Spam Escalating to Newer Peaks

Fri, 20 Nov 2009 13:34:50 GMT

According to the new State of Spam and Phishing Report from security company Symantec issued on November 9, 2009, over 90% of the total electronic mails are either phishing or spam messages.

Symantec states in its report that increasing number of spam mails are presently emerging from Asia-Pacific and Japan, and based on the observations, these regions are likely to surpass earlier key offenders, North America and Europe.

Amanda Grady, Principal Analyst at Symantec, stated that increasing junk e-mails from Asia Pacific, Japan and South America weren't totally unexpected if one took into account the enormous rise in Internet connections there, as reported by V3 on November 9, 2009.

According to Symantec, while most of the spam continues to originate from Europe (28%), this has dropped 6% since June 2009. The security company also discovered in its report that spam attacks increasingly targeted people using social-networking websites, particularly Facebook.

During October 2009, phishing activities were found to have increased, as per earlier months' forecasts. The company saw a 17% rise in phishing attacks since September 2009, with 30% of all related fraudulent websites had been created with phishing toolkits, accounting for a 24% increase.

Symantec also found that non-English phishing websites increased 45% from September 2009. These websites used the hosting services of over 97 companies and they resulted in 8% of the total number of phishing attacks, but represented a 19% decline in the aggregate number of Web-host URLs in relation to September 2009.

Moreover, the company witnessed a significant rise in phishing websites created with phishing toolkits.

In the meantime, the most current trend of declining e-mail scams or phishing e-mails possibly has halted since toolkit attacks revived during October 2009, which suggests that the holiday period is approaching, Symantec stated.

Symantec in its October State of Spam report has stated that there is frequently a rough correlation between the total amount of spam mails and the condition prevailing over an economy. According to the company, spam represents the main portion (86%) of the total e-mail.

Koobface Botnet Uses Google Reader in New Attacks

Fri, 20 Nov 2009 12:35:06 GMT

According to Trend Micro, the Koobface botnet is up to leverage a fresh trick. It is utilizing regulated Google Reader accounts for supporting images, which end up in malware.

A web-based news reader, Google Reader, is a public shared utility through which surfers exchange web-links with others.

Security researchers said - during the abovementioned assault, the perpetrators of Koobface send spam mails that take users to hijacked web-pages of Google Reader, while the criminals utilize its regulated accounts for supporting URLs that carry a picture imitating a flash video. To spam these URLs, the perpetrators resort to social-networking websites like MySpace, Twitter and Facebook.

If users click on any of the bogus videos placed on a compromised web-page, it redirects the entire traffic to a bogus YouTube page. This YouTube page hosts koobface, attempts to install malware and executes an exploit remotely.

Rik Ferguson, Senior Security Advisor at Trend Micro, states that there is a little difference in the new attack from the normal Koobface assaults that emerged earlier in 2009, as reported by V3 on November 10, 2009. According to the security company, an estimated 1,300 accounts have been under the hackers' control.

Moreover, the security researchers state that malicious programs creators are yet again exploiting the names of established entities like Google.com so that they can acquire their victims' trust. According to Ferguson, cyber criminals are exploiting Google's trustworthiness by using Google Reader to conceal their vicious URLs.

He continues that the tactic is a fresh turn to the usual Koobface attack as it suggests victims to download up-to-date Adobe Flash programs so that they can watch a movie, apparently being exchanged on the website of Google Reader.

Additionally, the researchers say that the virus along with its botnet has become infamous within the industry as it has been persistently attacking social-networking websites, first targeting Facebook and MySpace in 2008 and now, Twitter in 2009.

The recent infringement once again demonstrates blackhat hackers' increased inclination towards cloud computing in launching attacks that even puts Google in danger, the investigators opine.

Hackers Compromised Media-server.net in Code Injection Campaign

Fri, 20 Nov 2009 12:34:18 GMT

According to Websense's Security Labs, 'media-servers.net', a website of an established Internet media company, has become a victim of hack after cyber attackers recently targeted it in a malevolent code injection campaign. In fact, the campaign has compromised numerous genuine websites.

The attack has been happening for last many months, Websense said. To begin with, it scrutinizes online sites for security flaws or vulnerable codes, and if detected, it would inject malicious Iframes into the sites that deliver different payloads.

Till November 9, 2009, the payloads that have attacked users visiting the infected websites comprise three Microsoft flaws - Snapshot Viewer flaws, Data Access Components, and DirectShow. Apart from the exploits of Microsoft, there are two exploits, which target Adobe Acrobat and Adobe Reader along with heap based overflow exploits from AOL ConvertFile().

Confirming the incident, Carl Leonard, Websense Security Labs Manager, stated that the attack indeed depended on security flaws in poorly secured websites, as reported by The Tech Herald on November 9, 2009. Leonard added that the conmen hunted for these flaws and then abused them to insert malevolent scripts inside the websites so that they could compromise unsuspecting visitors while the latter remained unaware of the drive-by assault.

Standard anti-viruses have very low potential to detect the malicious script, according to the researchers at Websense. According to Leonard, merely 2 out of 40 antivirus agencies presently could detect the script after it has been downloaded, as reported by ComputerWeekly on November 9, 2009.

Recommending that Internet users should deploy efficient security software, Leonard stated that users must utilize real-time protection against the threats at the very outset, evading infection along with preventing it from spreading. Moreover, website administrators must as well examine their codes, while ensuring that they are up-to-date and error free.

Security researchers further stated that such attacks weren't new. During March 2008, more than 29,000 websites were attacked with an analogous injection assault, which aimed at Trend Micro and several other legitimate websites. The purpose then was to seize Internet gaming passwords and website credentials.

MySpace Spoofed Spam Mails Install Malware

Fri, 20 Nov 2009 09:43:46 GMT

According to the University of Alabama (UAB) at Birmingham, spammers are distributing malicious e-mails posing as messages from MySpace and taking unwitting users onto web-pages, which download a PC worm that deceptively seizes online banking credentials along with more personal details from the victims.

Internet security researchers hitherto have already traced names of over 30 websites that are related to this attack. All of them start with 'accounts.myspace.com' and finish with '.uk,' the code domain representing the country of United Kingdom.

Gary Warner, Research Director of Computer Forensics at the University of Alabama, states that fraudulent MySpace e-mails direct recipients to confirm details of their accounts through a web-link embedded in the spam mails, as reported by UAB on November 9, 2009.

However, the link actually connects end-users to a spoofed MySpace login page, where a download is presented named 'MySpace Update Tool.' Warner also states that this download in reality installs malware on end-users' systems.

He explains that the attack miscreants convince users that they are on the original website, by displaying a login page, which is actually phony, and encouraging them to enter their login credentials.

Furthermore, it is not that the criminals actually want users' MySpace login details rather their objective is to win users' confidence so that they would follow the criminals' instructions regarding the download, said Warner. If anyone clicked on the download, the virus ZBot would download, which tries to seize users' banking passwords along with their financial and other private details.

According to Warner, the spam outbreak almost the same as the one unleashed during the latter half of October 2009 aimed at users of Facebook. That attack spread via a minimum 242 separate scam websites mimicking Facebook.com till the final Website was blocked some 5 days later, Warner adds, as reported by The Washington Post on November 9, 2009.

Hence, users are suggested that they exercise extra caution against dubious looking attachments, particularly if they request for password reset, as no genuine website would ever dispatch a password-resetting attachment.

Computer Viruses ‘Taterf ‘and ‘Conficker’ Spread Unabated

Fri, 20 Nov 2009 09:43:08 GMT

According to security experts in the United States, computer worms 'Taterf' and 'Conficker' continue to attack vigorously even after a year has passed since their debut.

Eric Sites, Chief Technology Officer, Sunbelt Software (an antivirus company) said that it might not be possible to stop the viruses, but if only every user followed the best security practices, all viruses and worms could be eradicated, as reported by UPI on November 9, 2009.

The United States is experiencing a rise in viruses' potential to proliferate their Web-based robbery of passwords and personal information. There has been an incessant rise in the the distribution of fake security programs. All these critical evaluations become authentic when Microsoft, the software giant, revealed the numerous detections and removals of Taterf and Conficker from Windows-based PCs, rising 98.4% during the first half of 2009.

According to the security experts, the malware's infection proliferates through infected music players, memory sticks, camcorders, smart-phones and cameras when they are attached to the ports/USB (universal serial bus) of modern computers.

While law enforcement and security companies together are closely monitoring the malware situation, still both Taterf and Conficker continue to drastically escalate their Web-wide robbery.

The worms are proliferating with the maximum efficacy across corporate networks, emphasizing the fact that use of Internet for commercial purposes could be risky. In spite of the creation of the Internet some 40 years back for only data exchanges, organizations and enterprises are utilizing it more and more for businesses. Consequently, an ideal situation has been created for Taterf and Conficker to flourish.

Additionally, Conficker, which inflicted the Internet in early 2009, was found as extremely destructive; consequently, computer software and security companies formed a task-force for fighting it out. Taterf and Conficker have crept inside massive number of computers.

While Conficker is possibly one PC virus known by far the widest, yet systems keep getting contaminated with it. Evidently, during the year just after its emergence, the worm has been traced to spread to no less than 7 Million systems, security researchers say.