Thursday 9th February 2012

Archive for the ‘My Viruses’ Category

Spam Levels Down

Tuesday, February 8th, 2011

Software antivirus giant Symantec – developer of the Norton brand of products – has issued its January 2011 MessageLabs Intelligence Report.

Symantec, one of the largest software antivirus companies in the world, revealed in its latest monthly report that global spam levels were down, although spam still accounts for some 78.6% of all email traffic sent. That is the lowest level since March 2009, when the rate had dropped to 75.7%.

The drop, says Symantec, was due mainly to three botnets – Lethic, Rustock and Xarvester – stopping operations, and to disagreement amongst a number of pharmaceutical spam-sending gangs.

A senior analyst at Symantec said:
“The closure of spam affiliate, Spamit, was partially responsible for the disruption to spam output. However, there are likely other factors at work, such as consolidation and restructuring of pharmaceutical spam operations which has led to instability in the market likely to be exploited as a business opportunity by other spam gangs. We expect to see more pharmaceutical spam in 2011 as new pharmaceutical spam brands emerge and botnets compete for their business.”

Botnets are hugely important when it comes to spamming and it’s reckoned that they were responsible for much of the spam circulating the globe. Indeed, Rustock accounted for nearly half of all spam sent and, on one day alone, might have sent in the region of 44 billion spam emails. This gives it the distinction of being the single largest spam-sending botnet.

The Symantec analyst said about Rustock:
“At various points during Rustock’s history, the botnet has often exhibited irregular spamming patterns by sending huge volumes of spam before going quiet for several weeks at a time. But throughout 2010, its spamming pattern was more regular and it had been active non-stop until December 2010. Our investigation revealed no evidence of Rustock being disrupted in any way either by law enforcement or through other action.”

The bad news, though, is that Rustock has resumed spamming – although not at its previous levels – and the Bagle botnet has taken over where the others left off, accounting for 20% of all spam emails; a figure which is growing.

Other parts of the report show that the number of email-borne viruses is down as well, with one in 364.8 emails containing a virus, which equates to 0.274% and compares with the previous figure of 0.3%. Phishing increased slightly, with one in 409.7 emails explaining a get-rich-quick scheme.

Which goes to show that the need for software antivirus programmes has not at all lessened.

Guest Article by Neil Camp 


Lush Hacked

Monday, January 31st, 2011

Antivirus software is something that many online shoppers have come to depend upon, so it must come as a bit of a shock for users of the Lush website to find their credit card details being attacked by a gang of determined cyber hackers.

Indeed, few would doubt that antivirus is a good idea, but it’s not just the individual computer user who has to be careful – companies and their websites need protection as well.

Lush is a cosmetics website and it would appear that it was penetrated over a four-month period spanning October 2010 to January 2011. The site was brought down by the management on 21 January, 2011. Its usual home page was replaced with one that mentioned the attack. It told users of the website that anyone who placed an order between the start of October (4th) and near the end of January (20th) should now contact their card’s issuing house to ensure that it had not been compromised.

A number of Lush customers have reported problems with their cards and say fraudulent transactions have happened since using the compromised website. The Lush Facebook page bore the brunt of customer anger, with customers complaining that the problem had not been spotted early enough, taking place as it did over four months, and saying that they were seeking compensation from the company. It was not only the fact that the cards might have been used by someone else, but that the mere threat of a fraudulent charge meant that cards had to be cancelled and renewed.

A security expert told the BBC:
“I was initially alerted to the attack by one of my own friends whose card, along with her husband’s, have subsequently been used to make fraudulent purchases totalling almost £6000 from well-known online retailers. The risk of these stolen card numbers being used by criminals has already moved from the theoretical to reality.”

The Lush management said that more had been done to stop the problem than might at first be apparent to its customers. A director of the company, Hilary Jones, explained that they had first become aware of the issues on Christmas Day and the site was brought down promptly. Then management set about discovering the intentions of the hackers, whether to steal money, or just be awkward.

The first sign of trouble came when large numbers of small transactions began to appear. This is a way that hackers ‘test’ a credit card to see if it is ‘live’ and worth exploiting. What’s more, she emphasised that the site was not penetrated for the whole of the four-month period, but that this was the time span needed to safeguard their customers.

She said: “As an ethical company we could not keep that information to ourselves. We had to tell a huge raft of customers. We really want to make sure we cover all possibilities. We wanted to tell more customers than less.”

The Lush website has since been replaced by a new online shop and payments will only be accepted through PayPal, which just goes to show that all companies must also make sure they have the best possible security software.

Guest Article by Neil Camp 


Facebook Bug

Friday, January 28th, 2011

Worries about internet security were notched up another gear as Facebook blamed a bug for an apparent case of Zuckerberg hacking.

Internet security is a constant worry for all users of the web so to hear that Facebook had been targeted again only heightens concerns about overall security.

The BBC and a few tech sites reported what was described as an ‘odd’ posting which claimed to have come from Mark Zuckerberg, the founder of Facebook.

The 26-year-old American who has made billions from Facebook apparently made a posting to a fan page which is said to have called for the website to become a social business, and one which does not require the backing of the world’s financial markets. This was obviously a reference to recent stories about a possible Facebook IPO which would give it public company status.

The posting read:
“Let the hacking begin: If Facebook needs money, instead of going to the banks, why doesn’t Facebook let its users invest in Facebook in a social way? Why not transform Facebook into a ‘social business’ the way Nobel Prize winner Muhammad Yunus described it?”

Facebook issued a statement saying:
“A bug enabled status postings by unauthorised people on a handful of pages. The bug has been fixed. It was a handful of public Facebook pages and no personal user accounts were affected.”

The posting was not by Mark Zuckerberg, of course, but the fact that the erroneous message was the result of a hacking will not inspire much confidence in the website’s ability to beat off attacks.

The Muhammad Yunus referred to in the message is the founder of the Grameen Bank. This acts as a loan institution to individuals who have business ideas, but no collateral to get started.

The fake post pulled in 2,000 comments before it was brought down and software security company Sophos say that the page in question, which has three million fans, has been moved to a new address.

A spokesman for Sophos told the BBC:
“It’s quite possible that other people than Zuckerberg had access. It could have been one of those that got hacked. I can easily imagine that something like that could have happened. The other possibility is that [Mr Zuckerberg] strode away from his desk for a while and someone grabbed it and typed the message in. Although you wouldn’t think that would do much for their job prospects.

“As a general rule this can happen to anyone. Just because a person is famous or well known doesn’t mean that everything that is posted from their account is legitimate.”

It is said that French President Nicolas Sarkozy suffered a similar fate recently when his account was hacked and a message was released saying he was resigning. Experts are worried that tools like Firesheep make it easy for people to grab login information for unsecure websites.

With incidents like this, worries will continue about the current state of internet security.

Guest Article by Neil Camp 


Twitter Spam

Thursday, January 6th, 2011

The mantra from the computer security industry has always been buy antivirus software, and these are wise words considering the number of concerted attacks on systems and websites.

One of the latest attacks, and one which reinforces the buy antivirus software mantra, was directed at online gossip website Gawker Media. The hackers managed to get into Gawker servers, and the result was that 1.3 million user account passwords were compromised in the attack. The hackers then posted the file with all of the details onto a file-sharing site that has been associated with the infamous 4Chan.

To add insult to injury, the group ‘Gnosis’ released a file taken from Gawker on the file-sharing website BitTorrent, and more passwords were put at risk.

With the passwords at their fingertips, spammers got into thousands of Twitter accounts and used the opportunity to advertise dieting pills. Although the motivation for the attacks has not yet been ascertained, it is not the first time that Gawker has suffered in this way.

In the past it has also been used to obtain passwords that were then used to hack into Twitter accounts and publish messages of support for the whistle-blowing website Wikileaks, most likely in response to Gawker’s publishing of blogs that are critical of Julian Assange, Wikileaks’ founder.

Graham Cluley, a consultant at security firm Sophos, highlights the dangers of a password being discovered: “Anybody that has had their Gawker account details published can expect to be targeted by other hackers. Every identity thief, hacker and spammer out there will be attracted to that password file.”

Rik Ferguson, a security researcher at Trend Micro, highlights a problem that has led to so many passwords being accessed so easily: “It’s all too common that people use the same password for multiple accounts.”

Internet security advisors and websites are therefore continuing to stress the importance of using varying and complex passwords. Users are encouraged not to be put off by having to remember difficult passwords; all passwords, Mr Ferguson claims, can be made simple to remember. This is particularly pertinent advice, as in the latest attack on Gawker, the passwords that were used by spammers were the ones that were simple, and therefore easy to crack.

Harvesting passwords and allowing spammers into people’s accounts is a fluid and increasing activity, and although in this case it was only social network accounts that were affected, it could have been much more serious information that was accessed. For banking details and other personal information, more complicated and safer passwords are a necessity, stress industry officials. This, combined with the right kind of software, can help keep your most personal details secure. The mantra buy antivirus software has never been more relevant in today’s world of sophisticated hacking.

Guest Article by Neil Camp 


Malware Writers Working Inside Antivirus Security Companies

Thursday, January 6th, 2011

It’s being alleged that malware writers are alive and well in a number of antivirus security firms.

Many of these antivirus security allegations are centred on activities in China. The centre of many alleged fraud scandals, China has its fair share of cases involving malware writers using their talents to bring down competing antivirus software companies.

The latest outrage is focused around a former official at Beijing Municipal Public Security Bureau, who has been given a ‘suspended death sentence’ after being found guilty of corruption.

The long-running rivalry between Rising and Micropoint (Micropoint being founded by former employees of Rising) is at the centre of this conviction. Yu Bing, the security official, was partly convicted for mass embezzlement and corruption because of his alleged crimes against Micropoint. The government accused Yu Bing of denying Micropoint access to official testing, and of actions that led many Micropoint employees to be accused and convicted of creating malware to advance their position. Rising have been quick to distance themselves from the case.

The ‘Epoch Times’, a Chinese anti-establishment news source, threw the accusations at Rising, but does believe that Rising is one of many companies in the security industry that create malware for their own benefit. It calls this ‘an open secret’, and claims that the industry is rife with this sort of corruption and fraud.

Other antivirus and security companies across the world are, however, not so quick to believe the allegations. John Hawes, a Technical Consultant at Virus Bulletin, said: “It seems pretty unlikely that anyone working in a serious security firm would consider creating their own malware. This is an industry which relies heavily on trust and respect between competitors; there’s a very strong moral code which totally forbids anything like that. Many outside the industry seem to find it amusing to suggest such theories, but most researchers will have heard the same thing many, many times. Those in the know are well aware that creating new malware is not only unethical but pointless…”

This latest row over allegations of corruption in the industry is only one in a long, convoluted series of events and stories coming out of China. The author of the Fujacks virus (also known as the ‘panda-burning-Joss-sticks’ virus, due to the cartoon icon that appeared in the place of the file it had infected), Li Jun, is believed to have been hired by the Spanish firm Panda. The reports suggested that the convicted malware writer was hired by Panda to advance their own name to the detriment of their competitors, but it was quickly denied by Panda, who claim it was a misunderstanding arising from some Chinese software marketing.

With the allegations that malware writers are helping companies to beat their rivals, one can only hope that the effectiveness of these antivirus security firms is not impeded, and that they can continue to keep users’ computers safe from internet threats.

Guest Article by Neil Camp 
