Showing posts sorted by relevance for query Spam.

Kaspersky Releases Linux Mail Security With Anti-malware, Anti-spam & Content Filtering


Russian antivirus firm and security giant Kaspersky Lab has released an anti-spam and anti-malware application called Linux Mail Security, which can be integrated into different types of Linux-based mail servers to fight spam and block malicious attachments. The latest spam-fighting features – including Reputation Filtering and the Enforced Anti-Spam Updates Service – help to filter out zero-hour spam, while the new ZetaShield technology helps to shield businesses from zero-day and targeted attacks. Designed for integration with a range of Linux-based mail systems, Kaspersky Linux Mail Security delivers the security, flexibility and ease of management that businesses and ISPs demand.

Key Features:-
  • Advanced antivirus engine - Kaspersky Linux Mail Security includes the latest version of Kaspersky Lab’s award-winning antivirus engine – with behaviour stream signatures – to help detect and remove malicious attachments from incoming emails.
  • Zero-Day Exploit and Targeted Attack (ZETA) Shield - Kaspersky’s ZetaShield offers protection against unknown malware and exploits – to defend you from zero-day and zero-hour attacks and APTs (Advanced Persistent Threats).
  • Powerful Anti-Spam Engine - Kaspersky Linux Mail Security provides the latest version of Kaspersky’s anti-spam engine – including two powerful new technologies:
      • Enforced Anti-Spam Updates Service – uses push technology, directly from the Kaspersky cloud, to deliver real-time updates. By reducing the ‘update window’ from 20 minutes to approximately 1 minute, the Enforced Anti-Spam Updates Service helps to defend businesses against zero-hour spam and spam epidemics.
      • Cloud-assisted Reputation Filtering – fights against unknown spam, to enhance the spam capture rate and reduce the number of false positives.
  • Kaspersky Security Network - The cloud-based Kaspersky Security Network (KSN) gathers data from millions of participating users’ systems around the world to help defend your system from the very latest viruses and malware attacks. Potential threats are monitored and analysed – in real-time – to help block dangerous actions, before harm is caused.
  • Attachment filtering - The new Format Recogniser feature can filter attachments – using information about file type, name and message size. This helps businesses to enforce their email usage policy and can help to address corporate liability issues that can arise when users try to distribute illegal music or video files via the corporate email system.
  • Global Blacklists and Whitelists (improved) - In addition to creating corporate blacklists or whitelists, administrators can manage ‘allowed’ or ‘denied’ email senders – using IPv4 and IPv6 addresses, wildcards and regular expressions.
  • Personal Blacklists and Whitelists - Users can also create their own blacklists and whitelists.
  • Backup and personal backup with flexible search - Blocked email is quarantined in a backup system. If the system uses Microsoft Active Directory or OpenLDAP, individual users can access their personal backup via the web so they’re less likely to need to call your helpdesk.
  • Integration with most popular MTAs (Postfix, Sendmail, Exim, qmail and CommunigatePro) - Kaspersky Linux Mail Security lets you select the method of integration, depending on your choice of Mail Transfer Agent (MTA) – so you can integrate as a filter or using a Milter API.
  • Antivirus command line file scanner - The Kaspersky Anti-Virus On-Demand Scanner can be used for on-demand virus checking of objects – which can include directories, regular files and devices such as hard drives, flash drives and DVD-ROMs.
  • Amavisd-new - Kaspersky Linux Mail Security supports integration with Linux mail systems using the high-performance AMaViS interface.
Monitoring and Reporting features- 

  • SNMP (Simple Network Management Protocol) support – any type of event can be monitored using SNMP events and traps
  • A new dashboard gives an at-a-glance view of status and monitoring
  • Detailed, flexible reporting in PDF format – for customisable reports that help in the monitoring and analysis of security and policies
  • Notification system – informs administrators and document owners about policy violation incidents
  • Detailed logs – on all product actions, to help in identifying problems

Easy to deploy, maintain and manage- 

  • System administrators can run manual updates or set the rules for fully automatic updates of antivirus, anti-spam and ZetaShield
  • Integration with Active Directory and OpenLDAP
  • Rich email traffic management rules – administrators can create rules according to corporate security policies
  • IPv6 support
  • Scalable architecture – the entire system can be easily migrated from a test server to a production environment
Kaspersky Linux Mail Security will support the following Linux distributions - Red Hat Enterprise Linux 6.2 Server, Fedora 16, SUSE Linux Enterprise Server 11 SP2, Debian GNU/Linux 6.0.4 Squeeze, CentOS 6.2, openSUSE Linux 12.1, Ubuntu 10.04 LTS; 12.04 LTS, Mandriva Enterprise Server 5.2, FreeBSD 8.3, 9.0, Canaima 3.0, Asianux 4 SP1. 






Twitter Spam Bots (#mumbaiblasts)


After the blasts in Mumbai on Wednesday evening, many turned to Twitter for the latest information. Most tweets about the explosions featured the hash tagged term #mumbaiblasts to make identifying relevant posts easier. The live-updating stream included critical information, with tweets sharing emergency phone numbers and links to a public spreadsheet where anyone who wanted to help could post their contact information.
But some of the #mumbaiblasts posts aimed to exploit the attention. Several provocative tweets like “OMG British royalty hurt in #mumbaiblast,” “#MumbaiBlasts done by Bin Laden Apparently he is not dead. See here” and “First Lady caught up in #Mumbai blasts” were posted throughout the evening and from numerous Twitter accounts. All these tweets included links to blog posts that had nothing to do with the explosions. To someone following the stream live, clicking on these links would have been a confusing experience.
But these posts weren’t trying to make sense. They just wanted clicks. These spam tweets linked to “spam blogs,” blogs that exist solely to attract as many views for their sites as possible and sell ads against them. The entities behind these blogs can use computer programs to create an army of Twitter accounts that all link back to the blogs. And while it may be particularly repugnant that spammers would capitalize on a disaster to boost their page views, it’s not unusual. If you follow any of the most popular phrases on Twitter, spam tweets will pop up, regardless of the topic. Twitter banned many of the #mumbaiblasts spam accounts shortly after they were created, but for those who were logged in as events unfolded, it was too late.
Most of the spam tweets have been removed from Twitter since we first saw them there. We went back and found them by plugging in one of the spam links to Backtweets, a site that combs Twitter to find all the tweets linking to an individual webpage. The spammers have apparently moved on to other topics like Justin Timberlake and iPads, but you can still find the #mumbaiblast spam deep in the search results.
There’s not much the average user can do to avoid falling victim to the spam’s tweet trap, except to know that if the Tweet sounds too crazy to be true, it probably is. Twitter also offers this tutorial on how to report spam accounts.

-News Source (India Real Times)


Cyber crime gets more personalised


Rajesh, a Bangalore-based software engineer received an e-mail from the Income Tax department saying that the department had reviewed his ‘tax fiscal payments’ for previous months and his ‘returns filed online’, and that he is eligible for a tax refund of Rs 40,135.50. However, what made him curious was the fact that he did not file his IT returns online.
The e-mail also contained a link for further details. He wasn’t convinced and checked the address of the sender; the id was same as that of the I-T department. However, when he clicked on the link he sensed he was the target of a cyber attack.
“I clicked the link, but when I saw some Brazilian ads on the website I got suspicious. Luckily, I didn’t reveal any important information,” says Rajesh.
Rajesh is one of the many taxpayers in the country who are facing such attacks at the beginning of the new financial year, just at the time of filing I-T returns. According to security experts, cyber criminals intent on stealing money and other personal information of netizens are becoming increasingly active. These perpetrators closely monitor netizens’ day-to-day activities on the Web and plan attacks. “Today’s phishing sites and spam e-mails are sophisticated enough to look identical to a legitimate e-mail and can easily betray you,” said a security expert.
A recent study by security solutions provider Websense says that 93 per cent of emails are spam. Of these, 2.5 per cent are phishing attacks. Another emerging trend is the attack based on search words. The search terms and trends vary based on geography and season. For example, the subject lines of recent spam and phishing mails included Egypt revolution, Libyan unrest, and Japan tsunami, among others.
Vinoo Thomas, technical product manager, McAfee Labs says: “Spammers and cyber criminals track most searched words and plan an attack accordingly. Earlier, the attacks were based depending upon festive seasons and other occasions, but now they are targeted at the individual level.”
As social media platforms such as Twitter, Facebook and Orkut gain more acceptance, criminals also track these social networks and gather an individual’s personal information. Spear phishing is a more targeted and dangerous form of phishing attack. The e-mails are targeted at a particular user; the spear phisher thrives on familiarity by knowing the name, email address, etc.
“Criminals follow you on social networks, which gives them details about your location and background. This helps them reach you and send you spam mails,” said Anand Naik, Director, Systems Engineering, Symantec.
These days spam mails also arrive with links to malicious sites, and clicking them downloads malicious content or code to the system. Spammers use URL shortening services to direct users to malicious links without their knowledge.
According to data from Symantec, in March this year, 83.1 per cent of global spam was sent from botnets. Botnets have been and remain a destructive resource for cyber criminals. In addition to anonymous spam-sending, many botnets can be used for a number of other purposes, such as launching distributed denial of service attacks, hosting illegal website content on infected computers and installing spyware to track the activities of the users.
The study also said that India is among the top three countries for bot infections for the five biggest spam-sending botnets — Rustock, Bagle, Festi, Cutwail and Lethic.


An army of techies waging war on spam




It's a vast, invisible battle, going on all the time - and, unbeknownst to you, your computer may be one of the battlegrounds.
The struggle pits thousands of smart, evil folks, who send out trillions of pieces of spam e-mail, against the people in law enforcement and business guarding against them and trying to shut them down.
On the front lines against spam and cybercrime, some analyze malicious computer code (malware), and others - in the young science of cyberforensics - examine computers and drives confiscated in investigations.
Spam - hated word - is again in the news. A May 3 FBI alert warned of e-mail carrying purported images or videos of Osama bin Laden. "This will leave you speechless)," the spam says. "See picture of bin laden dead!"
Don't even open it, warned the alert. "This malicious software or malware can embed itself in computers and spread to users' contact lists, thereby infecting the systems of associates, friends, and family members."
Pumped out by networks (botnets) of malware-enslaved personal computers, unwanted e-mail - random junk, ads, porn, viruses, Trojan horses, get-rich-quick offers from Nigerian nobility - makes up most of all e-mail sent in the world. By far. Estimates range around 80 percent - but a 2007 Microsoft security report in October put it at 97 percent. It ranges from crud to criminal. As for malware, the United States has about 2.2 million computers (more than any other country) infected, according to Microsoft numbers (likely to be low).
"I guarantee," says FBI Special Agent Brian Herrick, director of the FBI Cyber Crime Squad in Philadelphia, "that thousands of Inquirer readers probably have computers infected with spam or malware, part of a botnet just pumping out spam."
The cyberthugs have an advantage, says Special Agent Cerena Coughlin, also of the Cyber Crime Squad. "We can stop them for a while, but they always come up with ways to circumvent it. And we're more restricted. We have to follow the letter of the law - they don't."
The extent of it is staggering. Before U.S. marshals took it down in March, the Rustock botnet was pumping out an estimated 30 billion spam e-mails a day. The botnets - big names include ZeuS, SpyEye, Dogma, Koobface, and Alureon - are run by criminal groups that use servers and supercomputers in several countries. Tracing their activity is extremely difficult and calls for highly skilled technical workers.
One of 16 such FBI squads in the country, the Philadelphia Cyber Crime Squad has 15 agents working full-time on cybercrime; the national program began in 1996. Working with national and international agencies, the squad studies and traces viruses, junk, and spam. Cases involve computer intrusions (everything from local hackers to international cyberespionage and terrorism), child exploitation (as in pornography), intellectual-property rights (copyright infringement, movies, music, software, proprietary business secrets), Internet fraud, and identity theft.
Coughlin says, "We are insanely busy. This is the third-busiest squad in the country, because of where it is and all the affected business and government concerns nearby. We don't have enough bodies for all the work there is."
In the Philadelphia area, the FBI joins hands with local businesses such as banks, agribusiness, and utilities (enterprises often attacked by spam and cybercrime) in a group called InfraGard. There are more than 1,400 local members - "So many people want to be part of it that we don't even need to solicit members," Coughlin says.
At monthly meetings, members share information, news, and tips. The FBI gives presentations and talks, and individual members speak about the cases they face. "It's a communication channel," Herrick says, "between the U.S. government and people in industry down in the trenches, looking to protect critical infrastructure."
Current president of the local chapter of InfraGard is Brian Schaeffer, chief information officer of Liberty Bell Bank in Marlton. He says, "I get thousands of cyberattacks a day. A lot of them are idiots just wanting to show what they can do. But a lot of them are looking to access banking information."
Like most banks, Liberty Bell has a strong firewall, "so hackers take a back-door approach," sending bank clients "phishing" e-mails - which pretend to be trustworthy communications but hide nasty intentions. "If a client even opens such an e-mail, they can get into their account information, their contacts, the keys to the kingdom."
Such attacks mean that "not only do I have to defend my own system, but also I try to help the customers with theirs. If their computers get infected, their account and credit information could get sold to strangers, and that could hurt us all." Schaeffer tells of an elderly couple who came to his bank one day, and just by coincidence, a bank clerk brought him a suspicious request "to withdraw a huge amount of money from their account - but there they were, sitting with us, so we knew some hackers had got at their information through e-mail."
He says InfraGard "has given me a network of people I can go to if I see things I never saw before. If I have a question, there's likely to be someone with an answer."
The other side of the battle is cyberforensics. Think of it as CSI with computers. It's happening right now, with the cache of computers, flash drives, and other cyberstuff taken from Osama bin Laden's compound in Abbottabad, Pakistan. U.S. agents instantly began to analyze this precious trove for criminal evidence - and links to other al-Qaeda operatives.
Work much like this goes on in Radnor at the FBI's Regional Computer Forensics Laboratory, one of 16 such labs in the country. As with InfraGard, the flavor is distinctly federal/local. Law enforcement agencies - such as the police departments of Philadelphia, Lancaster, Lower Merion, and Lower Providence - send officers to guest-work at the lab and receive training and experience in fighting computer crime.
Supervisory Special Agent J.P. McDonald directs the lab, which has been involved in some of the highest-profile local investigations of recent years, including the 2007 Fort Dix attack plot, the manhunt for the Coatesville arsonists, the case of former State Sen. Vincent J. Fumo, and the 2007-08 "Bonnie and Clyde" case of Jocelyn Kirsch and Edward Anderton, now in prison for fraud and identity theft.
"You can track the growth of cyberforensics along the same timeline as computers," McDonald says. "The FBI's program began in 1999, and, as of the mid-2000s, cyberevidence now has recognition and a firm track record in courts."
The lab is a techie's paradise, with gadgets and screens galore, racks of digital evidence sealed in antistatic wrap, sophisticated hard-drive readers, radiofrequency-shielded spaces, and kiosks for quick analysis of cell phones and thumb drives. "The majority of what we do," McDonald says, "is analysis of what's in a machine, how it got there, and then making a timeline of the history of what got there when."
"People's electronic devices are really an extension of their thoughts," says Philadelphia Police Lt. Edward Monaghan, deputy director of the lab. "If you're into NASCAR, you're likely to have NASCAR stuff in your computer. Thugs who are into drugs and money like to have their pictures taken with drugs, guns, and money. It sounds dumb, but they love it. That's what cyberevidence is all about."
The FBI's Herrick is resigned to a long battle: "There's probably some high school kid someplace in the Midwest - or maybe Europe or Asia someplace - who's cooking up something nobody's ever seen before. You really have to stay on your game with these guys."




Facebook, spammers are in 'arms race'



Within days of Facebook rolling out new security features designed to block spam, several new social-engineering attacks were spreading that somehow managed to get by the company's antispam defenses.
The spammers have modified their handiwork so it will get past Facebook's scam detection system, company spokesman Fred Wolens told today.
"There are new methods they've picked up after we put out the protections on Thursday," he said. "It's an arms race. We put out new protections and they come up with new campaigns...When we announced the new security features, they were calibrated for all the self-XSS attacks we'd seen at the time."


The company began turning on a feature last week that displays warnings when it detects that users are about to be duped by cross-site scripting (XSS) and clickjacking attacks. In such attacks, people are tricked into clicking something (clickjacking) or pasting some code into their browser Web address bar (XSS).
Yet there were several XSS attacks this weekend and today and warnings were not displayed. In one of them, users were tempted with a post that said "Facebook now has a dislike button! Click 'Enable Dislike Button' to turn on the new feature!" (On a side note, Wolens artfully dodged the question of whether Facebook would ever add a "dislike" button.)
Another attack falsely offered a way to see how many people viewed you on Facebook as an indication of how popular you are and urged people to click the "Scan Profile" link. The links lead to an external site where eventually the user is prompted to cut and paste Javascript code into the browser address bar, said Satnam Narang, a threat analyst at M86. (Facebook does not offer a way to see such statistics on profiles.)
A third attack tempted people with a comment of "WTF!! You look so stupid in this video" or something similar. A Flash file is loaded when the link is clicked and people were encouraged to press the CTRL and V keys and malicious JavaScript would be pasted from the clipboard into the browser address bar, according to this Zscaler blog post.
In all the cases the user action results in the spam messages being re-posted to the victim's Facebook pages and those of their friends. Ultimately, surveys are proffered for the victim to fill out. The spammers get money for each survey completed and the farther the spam spreads the more money that can be made.
Facebook did not disclose exactly what is going on behind the scenes, which could be used to help spammers in their efforts. Narang said he suspected that some of the spam was getting past Facebook's defenses by obfuscating the Javascript. Facebook seems to have made it harder for spammers to create campaigns that automatically execute and spam your friends, so that victims are sent off to external sites and required to cut and paste text into their browsers, he said.

 But "the hole is still there because they are still able to generate these posts," by tricking users into clicking links and following further instructions, he added.
Facebook is learning and improving the situation with each new spam campaign and iteration of its defenses, Wolens said.
"Within a few hours of this video (spam campaign) we were able to put that information back into the system to protect people," he said.




C&C Servers of World's Third Largest Spam Botnet "Grum" Been Knocked Down





Researchers have scored another big success by taking down two of the command and control (C&C) servers belonging to the world's largest spam botnet, named "Grum". This is not a complete victory, as two other C&C servers are still active, but researchers are very optimistic that the volume of spam will drop after this takedown.
Atif Mushtaq, senior staff scientist at security firm FireEye, said in a blog post that the botnet known as Grum drew its last dying breath on Wednesday, after six servers in Ukraine and one in Russia were shut down. In a tense faceoff with whitehats, the botnet operators had deployed those servers following the disconnection earlier this week of separate servers in the Netherlands and Panama. Faced with the threat of losing a 100,000-computer network that generated an estimated 18 billion spam messages a day, the Grum operators were desperately trying to transition to those machines when they stopped working.

"Grum's takedown resulted from the efforts of many individuals," Mushtaq wrote. "This collaboration is sending a strong message to all the spammers: 'Stop sending us spam. We don't need your cheap Viagra or fake Rolex. Do something else, work in a Subway or McDonalds, or sell hotdogs, but don't send us spam.'"
We would also like to remind you that this year Microsoft closed two C&C servers of Zeus, another dangerous botnet. Researchers from different parts of the world have also unveiled the mystery of a few other botnets, such as Bredolab, Rustock and Duqu.






19 Million+ UK Households Being Used As Cyber Weapon (Botnets)


You are also a cyber criminal. Don't panic; we are sorry to say this, but it is the truth. An exclusive report says that more than a million UK households are being used or misused as cyber weapons, mainly botnets.
Dutch researchers investigating ways to curtail the hijacking of domestic computers for criminal use, found that more than one million UK households’ PCs are linked to criminal networks known as ‘botnets’, which are groups of Internet-connected computers that have been compromised by a third party and put to malicious use. With around 6% of the UK’s 19m Internet households thought to be part of a botnet, this helps criminals spread spam around the Web more effectively, whilst it can also be used to attack websites and even garner bank details from the unsuspecting public.
The data was gathered from a number of different sources, though most emanated from what is known as ‘spam traps’, which are fake email addresses set up for the sole purpose of receiving junk mail. It’s thought that more than 90% of spam is sent through botnets, and it’s the Internet addresses on these botnets which are a good indicator of where the so-called ‘drone’ machines are located. The researchers then used the IP addresses of the machines that were sending the spam, and traced each one to an Internet Service Provider (ISP). And feeding into this was data about the Conficker botnet, which is thought to be one of the biggest examples of such a network, and incident reports from a computer security company called DShield. The UK figure is placed at number 19 in the top 20 nations with the biggest botnet problem, but it’s roughly in-line with the global average which sits at around 5-10% of domestic computers that are thought to be linked to botnets. Greece and Israel were way out on top, though, with around a fifth of all broadband subscribers thought to be unwittingly recruited into botnets. 
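The attribution step described above, sketched as an added example (it is not the researchers' code or data): sender IPs from a spam-trap log are mapped to ISPs by longest-prefix match and turned into a per-ISP estimate. The prefix table, ISP names, subscriber counts and log lines are all constructed, using documentation-reserved address ranges.

```python
import ipaddress
from collections import defaultdict

# Constructed ISP allocation table (documentation prefixes from RFC 5737 / RFC 3849).
# ISP names and subscriber counts are hypothetical.
ISP_PREFIXES = [
    ("198.51.100.0/24", "ExampleNet"),
    ("198.51.100.128/25", "SmallCo"),  # more specific block inside ExampleNet's range
    ("203.0.113.0/24", "CityCable"),
    ("2001:db8::/32", "ExampleNet"),
]
SUBSCRIBERS = {"ExampleNet": 200, "SmallCo": 50, "CityCable": 100}

# Constructed spam-trap log: "<date> <sender IP> <trap address>"
SPAM_TRAP_LOG = """\
2011-03-01 198.51.100.7 trap1@trap.example
2011-03-01 198.51.100.7 trap2@trap.example
2011-03-01 198.51.100.200 trap1@trap.example
2011-03-02 203.0.113.9 trap3@trap.example
2011-03-02 203.0.113.10 trap3@trap.example
2011-03-02 2001:db8::25 trap2@trap.example
2011-03-02 192.0.2.55 trap1@trap.example
2011-03-03 not-an-ip trap1@trap.example
"""


def build_table(prefixes):
    """Parse prefixes and order them most-specific first for longest-prefix match."""
    table = [(ipaddress.ip_network(cidr), isp) for cidr, isp in prefixes]
    return sorted(table, key=lambda entry: entry[0].prefixlen, reverse=True)


def lookup_isp(ip, table):
    """Return the ISP holding the most specific prefix containing ip, or None."""
    for network, isp in table:
        if ip.version == network.version and ip in network:
            return isp
    return None


def parse_log(text):
    """Return (records, skipped); records are (date, ip_address) tuples."""
    records, skipped = [], 0
    for line in text.splitlines():
        fields = line.split()
        try:
            records.append((fields[0], ipaddress.ip_address(fields[1])))
        except (IndexError, ValueError):
            skipped += 1  # malformed line: count it instead of dropping it silently
    return records, skipped


def attribute(records, table):
    """Group sender IPs by ISP and by day; collect senders outside the table."""
    by_isp_day = defaultdict(lambda: defaultdict(set))
    unattributed = set()
    for day, ip in records:
        isp = lookup_isp(ip, table)
        if isp is None:
            unattributed.add(ip)
        else:
            by_isp_day[isp][day].add(ip)
    return by_isp_day, unattributed


def summarise(by_isp_day, subscribers):
    """Per ISP: distinct senders overall, peak distinct senders in a day, rate.

    A machine on a dynamic address appears under several IPs over a long
    window, so distinct IPs over the whole log inflate the estimate; the
    per-day peak bounds that. NAT skews the other way by hiding several
    machines behind one IP.
    """
    report = {}
    for isp, days in by_isp_day.items():
        total = len(set().union(*days.values()))
        peak = max(len(ips) for ips in days.values())
        report[isp] = {
            "unique_ips": total,
            "peak_daily": peak,
            "rate": peak / subscribers[isp],
        }
    return report


def run(log=SPAM_TRAP_LOG):
    """Full pipeline over a log string: (report, unattributed IPs, skipped lines)."""
    records, skipped = parse_log(log)
    by_isp_day, unattributed = attribute(records, build_table(ISP_PREFIXES))
    return summarise(by_isp_day, SUBSCRIBERS), unattributed, skipped


if __name__ == "__main__":
    report, unattributed, skipped = run()
    for isp, row in sorted(report.items()):
        print(f"{isp:10} unique={row['unique_ips']} "
              f"peak/day={row['peak_daily']} rate={row['rate']:.1%}")
    print("unattributed:", sorted(map(str, unattributed)), "skipped:", skipped)
```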
It goes without saying that the biggest ISPs have the biggest botnet problem. The level of spam on BT’s network was found to have peaked at the end of July 2010, at which point more than 30m junk email messages were being sent each week.



The good news, however, is that these figures have fallen sharply since then, with a number of anti-cyber crime groups helping to bring down some of the biggest botnets. One takedown earlier this year saw spam fall massively overnight, when just one entire network, called Rustock, stopped sending junk.





Large Number of Dropbox User Targeted By Spammers

Dropbox, a very popular file hosting service that offers cloud storage and file synchronization, has fallen victim to cyber criminals. A large number of Dropbox users have reported receiving spam at their e-mail addresses. So far the spammer has been sending different pieces of German-language spam to email addresses used solely to register with Dropbox. Yesterday, a Dropbox user named David.P first reported on the Dropbox forum that he received a spam message at an email account that he used exclusively for Dropbox and no other service. Since then, various users in Germany, the Netherlands and the United Kingdom have reported receiving junk email touting online gambling sites. Similar reports can also be found on the Dropbox forums. In almost all cases, the spam is for suspicious-looking online casinos. Much of the spam appears to have been sent to users with their own domains who created a custom email address such as dropbox@domain.tld to register for the Dropbox file-sharing service. This would suggest that the spammers may simply have been lucky. According to forum discussions, however, emails have also been received by people who have not used this easily guessable address format.
Immediately after the incident was spotted, the company announced that it has asked its security team to investigate the incident, and has also called in outside experts. At present, it has found no evidence of unauthorized access to Dropbox accounts, but this could change as the investigation moves forward. The company has reassured users that a recent thirty-minute web site outage had nothing to do with this incident.

In its statement, Dropbox said:
“We’re aware that some Dropbox users have been receiving spam to email addresses associated with their Dropbox accounts. Our top priority is investigating this issue thoroughly and updating you as soon as we can. We know it’s frustrating not to get an update with more details sooner, but please bear with us as our investigation continues.”


-Source (E Hacking News & The-H)







Microsoft is Offering Reward to Fight Against Cyber Crime & SPAM


Microsoft puts on the Superhero outfit this week and battles Cyber Crime and SPAM by offering a $250,000 reward for information about the Rustock Botnet.
What is the Rustock Botnet? A "botnet" is a system made up of computers that are used for malicious purposes, such as hacking, spreading SPAM, and so on. The Russian-based Rustock Botnet is responsible for a lot of those messages you get trying to sell you Viagra or suspicious-sounding drugs, pirated copies of software, fake designer goods and other SPAM. According to ZDNet, it can send out 30 billion SPAM emails every day.
Last month, Microsoft posted notices in two Russian newspapers to let Rustock know they were out to get them by starting a civil lawsuit. Now, they've stepped things up by offering the $250,000 reward to anyone who can give information leading to the identification and arrest of the operators behind the Rustock Botnet.

Microsoft has already helped cut the Rustock operation by over half. The company deserves praise for taking this stand and targeting this evil company on behalf of computer users worldwide.
At its Official Blog, Microsoft gives a lot of technical information about the Rustock Botnet and their efforts to take it down. Users can help, too, by making sure their computers are not vulnerable. Keep your software up to date, install anti-virus software, and use firewalls, even though they are annoying. They will help protect you and stop these ruthless botnets like Rustock.

And, hey, if you happen to have some information about who's behind Rustock, maybe you can grab $250,000.

-News Source (TG)


Facebook Rolls Out Login Approvals and Security Protections Against Clickjacking and Self-XSS


Facebook has released several new security features designed to thwart unauthorized logins, cross-site scripting, and clickjacking that trick users into sharing spam to the news feed. Login approvals require suspicious logins to be confirmed with a code texted to a user’s phone, while self-XSS and clickjacking protection warns users and requires them to confirm their actions when pasting links into their browser or clicking suspicious Like buttons.
These protections should reduce the prevalence of hijacked accounts and highly visible spam in the news feed that perpetuate the public perception of Facebook as less safe than the rest of the internet.



Facebook’s latest internal security efforts were announced alongside a new partnership with Web of Trust, a crowd-sourced website reputation rating service that will be used to power alerts to Facebook users when they click malicious outbound links. Facebook has previously concentrated on improving security through user education and login protection features such as remote session logout and one-time passwords.

Login Approvals

Now Facebook is rolling out the two-factor authentication it announced last month. Users can visit Account -> Account Settings -> Settings -> Account Security to enable the feature, which will require them to verify their phone number. Once enabled, any time someone attempts to log in to the account through a new or unrecognized device, they’ll have to enter a code sent to their phone via SMS. The next time they successfully log in, users will also be notified of any suspicious attempts thwarted by the login approvals feature.



Users who have Login Approvals enabled could be temporarily locked out of their account in the unlikely event that both their phone and their approved Facebook login device were lost or stolen. Still, the feature offers a strong additional layer of security for those who opt in to it. It can also serve to protect users who may share their password with a loved one for use on their regular login device, but who don’t want those people to access their account from elsewhere.

Clickjacking Protection

Clickjacking refers to when a malicious website conceals an active link beneath an image or other disguise to fool a user into clicking a link they didn’t intend to. In the case of Facebook, malicious sites sometimes conceal Like buttons beneath video players or appealing offers, leading users to inadvertently share the spam site to the news feed, drawing in more users to the scam.
Facebook already has automated systems designed to identify and disable uses of the Like button for clickjacking, as well as block or remove outbound links to clickjacking sites. Now Facebook has added additional protection against the tactic by requiring users to confirm they wanted to click a Like button that is suspected to be part of a clickjacking scheme. The Like won’t go through and stories won’t be published to the news feed unless the user confirms.
This feature could cut down on one of the most prominent Facebook security threats as of late, which has spread through links that promise videos of racy or gruesome content.

Self-XSS Protection

Self-cross-site scripting is a security threat in which a spam news feed story, wall post, or message asks users to copy malicious code into their browser, thereby causing a hacker’s message to be posted to additional friends. These threats have become increasingly sophisticated over the years (if you want to get deeper into the topic, be sure to check out security researcher Joey Tyson’s Social Hacking blog).
The new security feature detects when users attempt to paste malicious code into their browser, displays an alert explaining why the practice of copying code into a browser is dangerous, and prevents the code from being run.


By mixing education in with technical security features, Facebook can protect users now and teach them to protect themselves in the future.



Travelodge customer data stolen



Travelodge UK is investigating an apparent hacking attack on its customer database. The hotel chain issued a warning to users of its online service to be on the lookout for spam e-mails. Full details of the security breach were not immediately available. A spokesperson said it seemed that a limited number of people were affected. No financial information or payment details were stolen in the attack, according to Travelodge.
A letter to customers, signed by the company's chief executive Guy Parsons, contains little information about the nature of the leak, although it stresses that Travelodge had not sold user data to a third party. It also quotes the spam e-mail that some customers have received.
"Good day. Don't miss exciting career opening. The company is seeking for self-motivated people in United Kingdom to help us spread out our activity in the UK area," said the message.
The company promised to give further updates once it has completed an internal investigation.

This is the letter sent by the CEO of Travelodge, stating that customer data has been stolen:

Thursday 23rd June 2011 (3.00pm)
Dear Customer,
Our main priority is to ensure the security of our customers’ data, which is why I wanted to make you aware that a small number of you may have received a spam email via the email address you have registered with us.
Please be assured, we have not sold any customer data and no financial information has been compromised.
All financial data (including credit card information) is compliant with current best practice standards and is audited to PCI (Payment Card Industry) requirements.
The safety and security of your personal information is of the utmost importance to us and as a result we are currently conducting a comprehensive investigation into this issue.
If you receive an email similar to the one detailed below, please delete it as spam.
Good day. Don't miss exciting career opening. The company is seeking for self-motivated people in United Kingdom to help us spread out our activity in the UK area. Conditions: - Full age United Kingdom resident - Only basic knowledge of Internet & computer. - Free access to personal e-mail box - 2-3 free hours per day - Immediate replies on our written requests - good organizational skills. You can without problem connect our work with your primary activity. Brilliant income ability. Free training available. Applicants must be smart and commerce motivated. Working only some hours per day. Any person residing in the United Kingdom can be our representative. Our manager will contact you within few hours if you attracted. ---------------- Local News: from paris, with love who's the toast of the airport show.
If you have any questions regarding this matter please email: andrea@travelodge.co.uk. A further update will be given, when we have completed our investigation.
Guy Parsons
Chief Executive

-News Source (BBC)


Attackers target applications


Software applications rather than operating systems or web browsers were the favoured target of cyber attackers last year, although the total number of application vulnerabilities was significantly down compared to 2009, a new report from Microsoft has shown.
Microsoft’s latest Security Intelligence Report found that overall, the industry’s disclosure of vulnerabilities – holes in software that bad guys can exploit – has been declining since 2006. Microsoft attributed this to better development practices and quality control on the part of developers, which it said results in more secure software.
Attacks exploiting weaknesses in Java rose sharply during the third quarter of 2010, beating every other kind of exploitation tracked by Microsoft’s Malware Protection Centre. Exploits using HTML and JavaScript increased steadily throughout the year and continue to represent a large portion of exploits, the report said.
In the third quarter, the number of Java attacks increased to fourteen times the number recorded in the previous quarter, following the discovery of two vulnerabilities in the Java Virtual Machine. These flaws alone accounted for 85pc of the Java exploits detected in the second half of 2010. By the end of the year Java exploits far outnumbered all other types of software vulnerabilities such as HTML/Script, operating systems, document readers and even Adobe Flash.

Drop-offs in flow of spam

The flow of spam also saw two massive drop-offs during last year, in September and December, which Microsoft said was due to the elimination of two sources – the Cutwail Spambot and Rustock. While Cutwail was taken out as part of an operation by security researchers, Rustock re-emerged in January and has begun sending spam again.
Now in its tenth year, Microsoft’s Security Intelligence Report provides in-depth perspectives on software vulnerabilities, exploits, malicious and potentially unwanted software and security breaches in both Microsoft and third party software.
The full report can be downloaded here.  


Dropbox Acknowledged It was Hacked & File Containing Private Customer Data Was Stolen



The very popular file hosting service Dropbox, which offers cloud storage and file synchronization, has fallen victim to cyber criminals again. In the middle of last month, a large number of Dropbox users reported receiving spam at their e-mail addresses. The online file storage service confirmed that hackers accessed usernames and passwords from third-party sites and then used them to get into Dropbox users' accounts. Dropbox has acknowledged that a file containing private customer data was stolen from the Dropbox account of one of the company's employees and that the information was subsequently used to send out spam messages to users. According to the official Dropbox blog: "Our investigation found that usernames and passwords recently stolen from other websites were used to sign in to a small number of Dropbox accounts. We’ve contacted these users and have helped them protect their accounts.
A stolen password was also used to access an employee Dropbox account containing a project document with user email addresses. We believe this improper access is what led to the spam. We’re sorry about this, and have put additional controls in place to help make sure it doesn’t happen again..."
This security breach adds Dropbox to the list of those (LinkedIn, eHarmony, Formspring, Yahoo, Android Forums, Nvidia and Gamigo) who recently fell victim to cyber criminals. As a countermeasure, the cloud storage provider has created a new section on the Account Security page that allows users to see what web browsers are currently logged into their account, and has implemented new automated mechanisms to identify suspicious activity. Dropbox says that it also plans to offer a two-factor authentication option in a few weeks' time. The company didn't say how exactly this option will be implemented, but said that users could, for example, receive an SMS text message with a temporary code that must be entered together with the password each time they log in. From the above scenario, we can predict that the said security measure will be exactly like the "2-Step Verification" of Google Account.


-Source (The-H, Dropbox Blog)





Microsoft Hands Over the Rustock Botnet Case to FBI


Microsoft lawyers have sealed their victory over the operators of what was once the world's biggest source of spam after winning a court case giving them permanent control over the IP addresses and servers used to host the Rustock botnet. The seizure was completed earlier this month when a federal judge in Washington state awarded Microsoft summary judgement in its novel campaign against Rustock, which at its height enslaved about 1.6 million PCs and sent 30 billion spam messages per day. The complex legal action ensured that IP addresses and more than two dozen servers for Rustock were seized simultaneously to prevent the operators from regrouping.
Now the attorneys are turning over the evidence obtained in the case to the FBI in hopes that the Rustock operators can be tracked down and prosecuted. Microsoft has already offered a $250,000 bounty for information leading to their conviction. It has also turned up the pressure by placing ads in Moscow newspapers to satisfy legal requirements that defendants be given notice of the pending lawsuit.
According to court documents, the Rustock ringleader is a Russian citizen who used the online handle Cosma2k to buy IP addresses that hosted many of the Rustock command and control servers. Microsoft investigators claimed the individual distributed malware and was involved in illegal spam pitching pharmaceutical drugs.
“This suggests that 'Cosma2k' is directly responsible for the botnet as a whole, such that the botnet code itself bore part of this person’s online nickname,” the Microsoft motion stated. In a blog post published Thursday, Microsoft said the number of PCs still infected by Rustock malware continued to drop. As of last week, fewer than 422,000 PCs reported to the seized IP addresses, almost a 74 percent decline from late March. It also represented significant progress since June, when almost 703,000 computers were observed.
The Rustock takedown has been a rare bright spot in the ongoing fight against computer crime. After it was initiated, federal authorities waged a similar campaign against Coreflood, another notorious botnet estimated to have infected 2 million PCs since 2002. In a step never before taken in the US, federal prosecutors obtained a court order allowing them to set up a substitute command and control server that forces infected machines to temporarily stop running the underlying malware. Taking down botnets is a good start, but it does little to stop criminals from setting up new ones. Microsoft's determination in tracking down Cosma2k and his cronies could go a step further, by showing would-be botherders there are consequences to their crimes, no matter where in the world they may be located.

-News Source (Microsoft, Register & CNET)



Steve Jobs: Not Dead Yet! Emails Lead to Malware


We are all aware of Mr. Steve Jobs' death, but the event is being misused by cyber criminals. We have previously seen Facebook scams appear after the death of a public figure, and a scam was started on Facebook on Thursday to exploit the death of Steve Jobs. Claiming that free iPads were being given away “in memory of Steve,” the Facebook page was quickly taken down after the media began to report on it.
But it is not over yet. Security researchers from M86 Labs have intercepted a currently spreading malware campaign: a Steve Jobs spam campaign whose subject lines suggest that he is still alive.

Steve Jobs Alive!
Steve Jobs Not Dead!
Steve Jobs: Not Dead Yet!
Is Steve Jobs Really Dead?


The URL links in the spam are many and varied. The websites that they point to all look to be hacked by the addition of obfuscated code that, after two layers of redirects, ultimately ends up at a BlackHole exploit kit landing page.


The intermediary redirect URLs are random-looking domains with a top level domain of .ms (Montserrat, in case you didn’t know). Here are some examples:
hxxp://xnyiinobfb[dot]ce[dot]ms/index.php
hxxp://derhvbq[dot]ce[dot]ms/index.php
The purpose of the exploit kit is to try and exploit vulnerabilities on the system and eventually download malicious executable files. At this stage, we are not sure what the ultimate payload is, as no files were actually downloaded on our test system.
Unfortunately, many people may find this spam campaign “click-worthy” given the icon that Steve Jobs was. The usual advice applies – avoid clicking links in unsolicited email. In this case, one simple click is all it takes to get compromised.

-News Source (M86lab)
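
As an added example (not code from M86 or from this post), the indicators described above can be turned into a small triage script: it checks mail subjects against the four reported subject lines and checks proxy-log URLs for the `<random-label>.ce.ms/index.php` redirector shape. The vowel-ratio test for "random-looking" labels, the function names and all sample data other than the two quoted URLs are assumptions.

```python
import re
from urllib.parse import urlsplit

# Subject lines reported in the post, compared case-insensitively.
CAMPAIGN_SUBJECTS = {
    "steve jobs alive!",
    "steve jobs not dead!",
    "steve jobs: not dead yet!",
    "is steve jobs really dead?",
}


def subject_matches(subject):
    """True if a mail subject is one of the reported campaign subjects."""
    # Drop Re:/Fw: prefixes and collapse whitespace before comparing.
    s = re.sub(r"^\s*((re|fw|fwd):\s*)+", "", subject, flags=re.IGNORECASE)
    return " ".join(s.split()).lower() in CAMPAIGN_SUBJECTS


def refang(url):
    """Make hxxp://a[dot]b parseable. For parsing only; nothing is fetched."""
    url = re.sub(r"^hxxp", "http", url.strip(), flags=re.IGNORECASE)
    return re.sub(r"\[(?:dot|\.)\]", ".", url, flags=re.IGNORECASE)


def looks_random(label):
    """Assumed heuristic: 6+ letters, of which at most 30% are vowels."""
    if len(label) < 6 or not label.isalpha():
        return False
    vowels = sum(ch in "aeiou" for ch in label.lower())
    return vowels * 10 <= len(label) * 3


def redirector_host(url):
    """Return the host if the URL has the <random-label>.ce.ms/index.php shape."""
    try:
        parts = urlsplit(refang(url))
    except ValueError:  # malformed URL in the log
        return None
    labels = (parts.hostname or "").lower().split(".")
    if (len(labels) == 3 and labels[1:] == ["ce", "ms"]
            and looks_random(labels[0]) and parts.path == "/index.php"):
        return ".".join(labels)
    return None


def triage(subjects, proxy_urls):
    """Return (matching subjects, matching redirector hosts in defanged form)."""
    mail_hits = [s for s in subjects if subject_matches(s)]
    hosts = [redirector_host(u) for u in proxy_urls]
    web_hits = [h.replace(".", "[dot]") for h in hosts if h]
    return mail_hits, web_hits


# Constructed samples; only the two defanged URLs are quoted from the post.
SAMPLE_SUBJECTS = ["FW: Steve Jobs:  Not Dead Yet!", "Quarterly report",
                   "is steve jobs really dead?"]
SAMPLE_URLS = ["hxxp://xnyiinobfb[dot]ce[dot]ms/index.php",
               "hxxp://derhvbq[dot]ce[dot]ms/index.php",
               "http://www.example.org/index.php",
               "http://mail.ce.ms/index.php"]

if __name__ == "__main__":
    print(triage(SAMPLE_SUBJECTS, SAMPLE_URLS))
```

Because the post says the links in the spam itself are many and varied, the subject check belongs on mail logs and the redirector check on web proxy or DNS logs, where the second-stage hosts would appear.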




Cyber Criminals Targeting Paypal Via Spamming


PayPal is again under cyber attack. This time spammers have hit PayPal very hard. The spam mail claims that your email address has been changed. Attached to the email is an HTML form (Personal Profile Form - PayPal-.htm) that requests you enter your personal information. Of course, the email is not really from PayPal (who would never send you an HTML form via email anyway), and any information you enter will soon be in the hands of phishing cybercriminals.

Typical Spam Looks Like:-

Subject: You have changed your PayPal email address
Attachment: Personal Profile Form - PayPal-.htm
Message body:

Dear PayPal Customer,

You have added [EMAIL ADDRESS] as a new email address for your Paypal account.
If you did not authorize this change, check with family members and others who may have access to your account first. If you still feel that an unauthorized person has changed your email, submit the form attached to your email in order to keep your original email and restore your Paypal account.
NOTE: The form needs to be opened in a modern browser which has javascript enabled (ex: Internet Explorer 7, Firefox 3, Safari 3, Opera 9)
Please understand that this is a security measure intended to help protect you and your account. We apologize for any inconvenience.
If you choose to ignore our request, you leave us no choice but to temporary suspend your account.
Sincerely, PayPal Account Review Department.

Immediately after this, PayPal took steps. They are asking you to forward the mail to their security team. To read PayPal's official advice, click here. To prevent this, PayPal has released security measures.


  
