Botnets, Worms, Viruses, and Zombies

[waltky]

Watch out for the bug in your Valentine...

FBI Warns About Virus-Laden Valentine's Day E-Cards
Wednesday, February 13, 2008 : The Storm Worm virus, according to IBM, has been a big success for its makers, creating a botnet that turns a big profit by spamming users worldwide. Despite the fact that the Storm Worm is a year old, computers are still being infected, and the FBI has gone so far as to warn Valentine's Day lovers of the possibility of virus-laden e-cards.

In a press release, the FBI said:

Quote:

With the holiday approaching, be on the lookout for spam e-mails spreading the Storm Worm malicious software (malware). The e-mail directs the recipient to click on a link to retrieve the electronic greeting card (e-card). Once the user clicks on the link, malware is downloaded to the Internet-connected device and causes it to become infected and part of the Storm Worm botnet. Botnets are typically set up to facilitate criminal activity such as spam e-mail, identity theft, denial of service attacks, and spreading malware to other machines on the Internet.

The Storm Worm virus has capitalized on various holidays in the last year by sending millions of e-mails advertising an e-card link within the text of the spam e-mail. Valentine's Day has been identified as the next target. Be wary of any e-mail received from an unknown sender. Do not open any unsolicited e-mail and do not click on any links provided.

So this means that e-card from that person you've been lusting after from afar, the one that doesn't know you exist, is probably not a good thing to open. Nothing new there in terms of the warnings; these are the typical precautions you should take all the time.

But besides these suggestions, also:

* Get an antivirus program (yes, some people still don't have one). If you can't afford one there are free ones that are quite good, like AVG and AntiVir.
* Make sure it's up to date.

Safe, virus-free and Happy Valentine's Day to all.

Source

[waltky]

Image fans beware...

Digital Frames May Contain A Virus
Feb 18, 2008 - If you purchased a digital frame recently, you might have cause for concern.

Quote:

Some digital frames were purchased with a virus in them, infecting the buyer's computer. It's the gift that keeps on giving, with a virus that is. The virus hides on digital picture frames and attaches to your computer after you download pictures to the frame.

The virus is expected to have come from China. More than 2 million frames were sold. No idea on how many of those frames were affected. The virus could be used to steal important passwords, though right now there are only reports the virus is stealing passwords for online games.

How this happened to the digital frames is unknown at this time. Retailers are saying very little about the virus. Best Buy, Sam's Club, Target, and Costco all sold virus infected digital frames. If you believe your frame has a virus, here are the numbers to call:

Best Buy: 877-467-4289
Sam's Club: 888-746-7726
Target: 800-591-3869
Costco: 955-2292

Source

[waltky]

Some tips on Identity protection...

Foil Identity Thieves
From Wired How-To Wiki

Identity theft is one of those topics that rarely leaves the headlines. Two prominent U.S. government data breaches in recent years -- a laptop stolen from the Department of Veterans Affairs, and a breach at the Energy Department -- resulted in the theft of the personal data of millions of government employees. The thefts also rejuvenated efforts in Congress to enact federal rules regarding notification, information-security and consumer-protection mechanisms.

While no federal laws resulted from the efforts, there are now 35 separate state notification laws. Citizens worried about identity theft already have limited tools available to them under these state laws -- some of which could be overridden by proposed federal legislation. It's not likely, however, that Congress will put an end to identity theft any time soon. Still, several tools are available now to individuals that reduce their risk of identity theft.

These suggestions come courtesy of Chris Hoofnagle, the former West Coast director of the Electronic Privacy Information Center, and Tom Fragala of the Identity Theft Resource Center who recently launched Truston, a do-it-yourself credit-monitoring and identity-theft recovery service. This page is a wiki. If you have additional advice, log in and add it.

Quote:

Protect Yourself From Identity Thieves

· Opt out of pre-screened credit card offerings that come in the mail by calling 888-5OPTOUT (888-567-8688). This prevents would-be identity thieves from stealing your mail and then getting credit in your name (which seems possible even if you tear the applications into pieces).

· Check your credit reports frequently. Federal law allows you to get a free credit report from each of the three credit bureaus once a year. Mark your calendar every four months and check one bureau each go-round to make sure there are no accounts in your name that you haven't opened.

· If you are on active duty in the military, you can automatically put a one-year alert on your credit reports at all three bureaus by calling one of them (Equifax at 800-525-6285, Experian at 888-397-3742, TransUnion at 800-680-7289).

· Review your credit-card, debit-card and bank statements every month. If you don't report fraudulent activity on your debit card or checking account within 60 days, your liability is not capped.

· More-vigilant citizens can place a renewable 90-day fraud alert on their credit reports for free by phone, although this is supposed to only be for people who suspect they might be victims of identity theft. Credit issuers then have to take steps to verify your identification, though they aren't required to contact you.

· Victims of identity theft should file a police report and then send a letter requesting a seven-year fraud alert on their reports. This alert requires creditors to contact you before issuing a line of credit.

· As of November 2007, all 50 states allow individuals to place credit freezes on their credit reports, which means that would-be card issuers cannot even see your report until you tell the credit bureaus to unlock it. While in many states the unlocking takes three to five days, Utah and New Jersey have taken steps to require that bureaus unlock reports in 15 minutes once you call in with your Social Security number and a PIN. For rules for your state, visit the Consumers Union website

See also:

Viruses, Malware Top the One Million Mark
Friday, April 11, 2008 - Symantec's latest bi-annual Internet Security Threat Report, released on 4/8, shows that (at least according to Symantec), the number of viruses, trojans and malware in circulation has topped one million.

Quote:

In the last six months of 2007, Symantec detected 499,811 new malicious code threats (figure 14). This is a 136 percent increase over the previous period, when 212,101 new threats were detected, and a 571 percent increase over the last half of 2006. In total, there were 711,912 new threats detected in 2007, compared to 125,243 threats in 2006, an increase of 468 percent. This brings the overall number of malicious code threats identified by Symantec to 1,122,311, as of the end of 2007. This means that almost two thirds of all malicious code threats currently detected were created during 2007.

Naturally, the vast majority of these are Windows-based threats, and many are variants of already circulating viruses. The U.S. tops the list of countries in terms of "malicious activity" by a wide margin with China second (table above). Besides saying you need an antivirus (AV) program, what else does this say? The obvious, tried-and-true warnings:

* Use an AV program and keep it updated.

* Watch out for phishing threats (BTW, the Carnegie-Mellon game is great way to learn about phishing)

* Don't open attachments from anyone you're not expecting a file from. It may look like it's coming from a friend, but they may be infected or the address may be spoofed.

Additionally, I always recommend people use AV software that has good heuristics - meaning it will detect malware not in its database. After all, with over 1 million threats, soon AV databases will need a hard drive all to themselves.

Source

[waltky]

Make sure your firewall, anti-spyware and virus protection are up to date...

New Terrorism Threat: Zombie Computers
April 11, 2008 - Zombie Computers Decried As Imminent National Threat

Quote:

Gangs of thousands of zombie home computers grinding out spam, committing fraud and overpowering websites are the most vexing net threat today, according to law enforcement and security professionals. Today's botnet herders have hundreds of thousands of computers at their command and use technically sophisticated ways to hide their headquarters, making it easy for them to make millions from spam and credit card theft. They can also be used to direct floods of fake traffic at a targeted website in order to bring down a rival, extract protection money or less frequently, used to make a political point in the case of attacks on Estonia and the Church of Scientology.

Security pros and government officials are now describing the latter attacks, known as Distributed Denial of Service attacks, as serious threats to national security -- turning packet floods against public websites into the latest face of "cyberwar" hysteria. Hence, the appearance Tuesday of a panel discussion at the RSA 2008 security conference entitled "Protecting the Homeland: Winning the Botnet Battle," which was marked by a mix of resignation, indignation and post-9/11 rhetoric.

Ronald Teixeira, the executive director of the non-profit National Cyber Security Alliance and the panel's moderator, began the discussion by describing botnets as "one of the largest threats we face on the internet today, and they can be used to attack critical infrastructure." The Department of Homeland Security's representative Jordana Siegel, who works on public awareness at the National Cyber Security Division, echoed the line that botnets were a imminent threat to the nation's security.

MORE

[waltky]

Comin' so fast ya can't keep up with `em...

Study: Internet attacks are coming faster
29 July `08 — The bad guys on the Internet are narrowing the time frame they need to unleash computer attacks that take advantage of publicly disclosed security holes, new research shows.

Quote:

More and more of these attacks are coming within 24 hours after a vulnerability is disclosed. That means security flaws are being exploited in Web browsers, computer operating systems and other programs before many people even have had time to learn there's a problem, according to IBM's latest Internet Security Systems X-Force report. The report, scheduled to be released Tuesday, looked at the first six months of 2008 and reflects two growing trends in Internet-based threats.

The first is that online criminals have latched on in a big way to programs that help them automatically generate attacks based on publicly available information about vulnerabilities. In the past they apparently spent more time finding such holes themselves, but no longer find that as necessary. "The bad guys are not the ones actively finding vulnerabilities — they've shifted their business to standing on the shoulders of the security research community," Kris Lamb, operations manager for X-Force, said in an interview. "They don't have to do the hard work anymore. Their job is packaging what's been provided to them."

The second trend is that the debate among security researchers is intensifying over how much information should be released to the public when a new software flaw is discovered. Most times the researcher will wait until the affected company has released a software patch before revealing details. But sometimes researchers will release not only details of the vulnerability but also so-called "proof-of-concept" exploit code to show the flaw is legitimate.

MORE

[waltky]

Some serious penalties for hackers...

Keylogging and Spyware now felonies
Friday, September 19th, 2008 - According to InformationWeek, Congress passed a bill this week would make it a felony to use spyware or keystroke loggers to damage ten or more computers.

Quote:

The U.S. House of Representatives approved H.R. 5938, an amendment that expands the ability of the federal government to prosecute identity theft crimes and allows victims to obtain restitution for the time and money they spend trying to restore their credit. The legislation, which must be signed by President George W. Bush, allows a fine and up to five years imprisonment for spyware.

This closes a gap in existing identity theft laws that only allowed federal prosecution if the perpetrator used interstate or foreign communications to access a computer, except in cases involving federal government computers or financial institutions. If the President signs the bill into law, federal prosecutors would be able to pursue cases in which the computers of the perpetrator and victim are in the same jurisdiction.

TrustedID Identity Theft Blog: Identity Theft Protection Blog Archive Spyware and Keylogging Now Felonies

See also (original article):

Congress Extends Cybercrime Laws
September 17, 2008 - The legislation would make it a felony to use spyware or keystroke loggers to damage ten or more computers and allow up to ten years imprisonment.

Quote:

Congress passed a bill this week to crack down on cybercrime after adding an amendment containing most of an anti-spyware bill. The U.S. House of Representatives approved the bill -- H.R. 5938 -- Monday. The amendment -- part of Senate bill S. 2168 -- expands the ability of the federal government to prosecute identity theft crimes and allows victims to obtain restitution for the time and money they spend trying to restore their credit. The legislation, which must be signed by President George W. Bush, allows a fine and up to five years imprisonment for spyware.

The amendment closes a loophole on existing identity theft laws that only allowed federal prosecution if the perpetrator used interstate or foreign communications to access a computer, except in cases involving federal government computers or financial institutions. If the President signs the bill into law, federal prosecutors would be able to pursue cases in which the computers of the perpetrator and victim are in the same jurisdiction.

The amendment criminalizes the use of malicious spyware and keystroke loggers to damage a computer, by eliminating a requirement that the loss exceed $5,000 and making it a misdemeanor to send spyware that causes any loss. Perpetrators would face fines and up to one year in prison. The legislation would make it a felony to use spyware or keystroke loggers to damage ten or more computers and allow up to ten years imprisonment.

MORE

[waltky]

FTC catches a big one...

NZ man behind world's largest spam
16 Oct 2008, A Queensland-based man is being suspected as a mastermind behind largest spam operation in the world, responsible for sending out billions of unsolicited emails in recent years, according to a media report here.

Quote:

The 26-year-old Lance Atkinson from New Zealand has had his assets frozen by a US district court at the request of US Federal Trade Commission (FTC), which also succeeded in having the spam network shut down and criminal charges were expected to be laid after FTC said Atkinson's assets were frozen to "preserve them for consumer redress pending trial". Atkinson's Australian-registered company, Inet Ventures, is one of four companies targeted by FTC over the operation, which encouraged people to click through to websites that allegedly used false claims to peddle prescription drugs, as well as "male enhancement" and weight-loss pills.

The only other defendant named by FTC is Jody Smith of Texas. Atkinson and Smith allegedly controlled a "botnet" of 35,000 computers, capable of sending 10 billion email messages a day. The non-profit antispam research group SpamHaus said the network - which has ties to Australia, New Zealand, India, China and the United States - was the largest spam operation in the world. Atkinson and another business partner were previously fined $2.2m by FTC in 2005 for running a similar spam network that marketed herbal products.

Australian Communication and Media Authority (ACMA) spokesman Donald Robertson said the regulator provided "substantive assistance" to the FTC and New Zealand authorities in relation to their investigations into the operation, known as "Herbal King". Yesterday, New Zealand's Department of Internal Affairs announced it would seek to impose USD 176,000 in fines on Atkinson, his brother Shane and another New Zealand man, Roland Smits, who were allegedly involved in the operation.

Source