Guest Article by Louise Goldstein

One huge Botnet was recently reduced to a trickle as one set of anti-spammer guardians fought hard to bring them down. The figures are truly amazing, with some issuing billions of individual spam emails each year, meaning that millions are being sent on a daily basis.

But although these successes are worth a collective round of applause, the sheer size of the spam operations has worrying implications for all to see. Spam started as a mischievous trick on friends – it’s innocent beginnings belong to a different time now.

But once the crooks saw the advantage in sending out emails to a somewhat gullible database of email enthusiasts who appeared to park their brains elsewhere when items dropped into their inboxes, the flood gates opened. Some weren’t completely fictitious of course and no doubt many men have benefitted from under the counter Viagra, but offers of millions from dead kings, or pictures of curvy tennis stars which actually had dirtier things attached than a picture of a raised skirt, soon alerted most to the spammers deadly armoury.

Now the defences are more sophisticated and the computer security industry has woken up to the fact that it’s far better to stop the spam reaching its destination in the first place, than to rely on someone saying no to an offer of a forty million pound fortune from an African chief.

The various internet platforms and mail servers are now far more effective in stopping spam than they used to be, so there’s almost a desperation in the spammers actions now, as though they continually have to up the number of spam in order to get the one profitable hit.

But the crooks face a double whammy. Spam filters continually get better and people get more cynical. Therefore, the numbers have to ever increase, meaning that the servers which push through this rubbish will be easier to spot and bring down.

It sounds like a win win situation; unfortunately, it isn’t.

Spammers are not ‘geeks’ sat in their bedrooms romantically fighting the system to earn a loaf of bread. Nowadays they are geeks sat in huge offices fighting the system to earn their organised crime bosses far more than a loaf of bread (in fact, millions of loaves).

And organised crime bosses always have an eye on the takings. If profits begin to drop, it won’t be a prosaic shrug and a bringing down of the shutters for a while, Make no mistake, the crime bosses (and some Governments), will have invested a fair bit of their ill-earned gains to set up their spam operations and walking away from that, and the potential rewards, means that the focus will switch elsewhere.

Spam will maybe last another five years as a profitable, albeit mostly illegal, road to riches. But as it starts to die, the real danger is where the crime bosses will direct their geeks attention then.

One battle might go to the computer security industry, but the cyber war is far from over.

Guest article by Neil Camp 

But are we so certain that we’re not victims of a more subtle form of data capture, one practised by the big legitimate companies.

Just because it’s a high-street operation, and one that has a very recognisable brand, does not mean that they are immune to trying to wheedle out as much information as they can from their customers.

Nowadays marketing efforts live, or die on personal data. Customers are not merely sold to, or encouraged to buy, they are targeted. Firstly, they are defined and secondly, they are profiled. This is because, and let’s be honest here, companies don’t want to waste efforts selling something their customers don’t want.

Take the large ecommerce operations which quickly build profiles of their customers because they closely monitor their buying habits. Say one customer has bought a particular type of book in the past, the online retailer will store this information in a complex database and regularly send out up dates to let the customer know of other books they might fancy within the genre, or just any books just published.

Despite some reservations, the system actually works as it allows the customer to be targeted correctly which leads to a lot less time being wasted for the company and their customers.

There are two downsides of course. Firstly, the very real danger that the data might get into the wrong hands and be used for nefarious means. Secondly, this sort of marketing destroys the sense of serendipity when it comes to shopping.

Take the first point. Companies are becoming ever more sophisticated at capturing data, so much so, that anyone completing an online data form, should always check out the small print terms and conditions. The rise in social media has resulted in so much personal data being out there (and inter-linked), that some companies will see that information as worth mining and storing on their database. Thus, a company might not just be acquiring your data, but your network of friend’s data as well.

Now, arguably, with a responsible company, that does not matter, because, given they have a reputation to keep and Data Protection Laws to adhere to, they will bend over backwards to protect their databases. But, with less scrupulous companies, there might be a temptation to sell their data on, or ‘lose it’ through poorly protected IT systems.

And this ‘precision bombing’ approach to marketing does lose the sense of serendipity, of browsing through products that you haven’t bought before, just because the company can’t be that clever (based on moods and whims) to calculate your future tastes. At least not yet!

But the point is, always be careful when you handover your personal data. Mostly it will be used responsibly, but if you have any doubt, it’s best to run for the hills and refuse to hand it over!

Guest Article by Neil Camp 

ENISA stands for European Network and Information Security Agency and issues many antivirus reviews and advice documents throughout the year.

ENISA has written two studies about botnets which were published at a recent workshop in Cologne, Germany. They set out to evaluate the threat of the botnet problem and how effective are the current measures in dealing with them.

Botnets are basically a network of zombie computers which are used to send out millions of spam emails. Spammers rely on huge numbers to make their process work: you send out many thousands of emails and expect one reasonable reply (say an order, or someone submitting personal details). Just that one response out of thousands makes the spammer viable. But to send out millions of emails requires time and energy, and many computers.

The advantage with machines that have been compromised (usually by a Trojan which takes control without the user knowing) is that they are effectively anonymous and are not linked with the spammer. They sit there, performing the usual tasks for their owner, yet are also, unbeknown to their owner, performing other tasks for the hacker. And this might include issuing thousands of emails on a daily basis.

And each individual computer (the bot) which has been infected (the zombie) sits within a network of likewise compromised machines (the botnet).

Many local authorities in the UK have discovered that their PCs have been unwittingly enrolled into various botnets exploited by hackers throughout the world.

But ENISA say that the threat of the botnets might be overestimated, given that although millions of machines have indeed been infected, the hacker might be able to employ a fraction of those to perform a single task.

Indeed, the number of machines that can be exploited by the hackers is considerably smaller than many reports have initially suggested. This does not diminish the threat of such networks of zombie computers, but it does try to put forward a more realistic picture.

Both the ENISA antivirus reviews are available online.

Guest Article by Neil Camp 

Those without antivirus software should be aware that online data scams are very much on the increase and one major website believes it to be a growing trend.

So just what does data capture involve? It’s the capture, for nefarious means, of personal email addresses, home addresses and telephone numbers; indeed, it’s the capture of as much personal detail as possible.

And this can be done easily online if surfers do not use antivirus software, or indulge in ‘unsafe’ practices whilst using the internet.

One of the classic ways to trick surfers into divulging their personal details is to target those that are constantly searching the internet for special offers and bargains. There are thousands of ‘fake’ websites out there who say that they offer superb deals, or frees samples, when it is in fact a ruse to get people signed up and providing their personal details.

One of the most popular tricks nowadays are the websites which say offer free iPhones, whereas in reality all they want to do is capture data for their own reasons. It’s not always as simple as offering free products, with techniques used becoming more sophisticated, using such things as surveys and competitions, plus Facebook applications.

The users most at risk are those who tend to frequent social networking websites as scams can be spread virally within minutes.

The founder of a website which specialises in free items, Andy Varley, says:
“Data scammers are becoming savvier in the way they try to trick Web surfers. We are seeing more variety in the way companies look to harvest personal data, so it pays to be on your guard.

“If a form exists to capture data, you need to carefully consider how the website will handle the information submitted. In many cases there will be a catch.

“Legitimate sites exist but it can be easy to fall foul of a marketing scam. Genuine offers all display certain characteristics whilst rogue websites often sell details to third party companies. The end result is tons of junk mail and e-mail spam. In worse cases this could mean identity fraud.”

Mr Varley recommends a number of ways to avoid being caught, even if antivirus software is fully up to scratch.

Firstly, try to use websites that are offered by familiar companies, or brands. Secondly, check the Privacy Policy of the website you are using to see how your personal data will be used by the company. Thirdly, remember the old adage, there’s no such thing as a free lunch. If the offer seems too good to be true, then it usually is. Fourthly, when using a website, always use a secondary email, rather than your main personal, or work email.
And finally, the most important of all, keep your computer updated with the latest antivirus software.

Guest Article by Neil Camp