The fake antivirus software industry makes underhand firms hundreds of millions of dollars in revenues. Researchers at the University of California at Santa Barbara (UCSB) studied back-end servers containing fake software samples, databases of installations, purchases, refunds and technical support conversations dating from March 2008 through to August 2010.

Guest Article by Louise Goldstein

When it comes to software internet security, one company is warning that social networking sites which include YouTube, MySpace and Facebook could present a real hazard to businesses which are rightly fearful of being penetrated by cybercriminals.

Software internet security is a nightmare for businesses and with the rise of social networking at work (via such business sites as Xing, Plaxo and LinkedIn), especially amongst the younger generation, things are getting worse, not better.

There is also a blurring of the message in this area, because although companies are paranoid about problems of being hacked, they still support their workers in promoting their companies on the very same sites which they take issue with.

But businesses are being warned that they have to weigh up the benefits of increased online sales via social media networking, as against the chance of having their systems compromised by hackers, or indeed, putting the company into an invidious position.

There are a number of things for companies to look out for, including using social media for employment vetting purposes, but then falling into the trap of asking ‘illegal’ questions, such as those directed about age, race, or religion.

You should also be aware of giving away too much information about the company and its working practices, which could be used in similar ways that personal ID fraud is exploited.

Be careful also not to damage the company’s reputation, or standing via an inappropriate message on a social media website, or message thread.

A spokesman for the company which gave the warning, Commissum, said:
“The risks of using social media encompass all aspects of the business; legal, employment, technical, operational and reputation. The decision to use social media should therefore be taken after careful consideration of the business reasons and benefits, an assessment of all risks and the implementation of comprehensive controls to mitigate the risks which must include policies and appropriate user training and awareness measures.”

In short, sometimes, software internet security issues should become before fancy social media strategies.

Guest Article by Neil Camp 

The numerous antivirus software reviews published by the computer security companies are great for picking up trends that are being played out across the globe.

And the monthly report from computer security giant Symantec is no exception. This is a comprehensive antivirus software review which looks at, amongst other things, geographical trends and vertical trends.

In terms of geographic trends, the global situation as regards spam, email borne viruses and malicious content are examined.

Notably, the country of Oman has the dubious distinction of being the most spammed in March, with a rate of 87.9%. In the US, the figure was 79.6% and 79.4% in Canada, with the UK not far behind at 79.1%. As regards the country which is the most targeted by email borne malware, this was Luxembourg. Here is was discovered that one on 26.2 emails blocked were deemed to have malicious content attached. In the UK, this figure dropped to one in 98.8 emails and in the US, one in 507.9.

When you look at the vertical trends (and particularly at the sector which are being attacked), further themes become obvious. Currently, the most spammed industry is automotive with a spam rate of 82.3%. In the education sector it was 81%; IT was 79.8%; chemical and pharmaceutical 79.6%; retail 78.8% and 78% for finance.

One might expect a slightly higher figure for finance, given the amount of attacks it receives, but the differences between each sector is minor, confirming that attacks are across the board, and not always aimed at one particular sector.

Guest Article by Neil Camp 

The latest antivirus review from leading computer security company Symantec, which develops and markets the Norton range of products, has headlined its report with the news that global spam has dropped by a third.

The Symantec antivirus review notes that the infamous Rustock botnet has been dismantled, leaving the Bagle botnet to become the most active.

It’s been estimated that prior to its fall, the Rustock botnet was responsible for nearly 30% of the world’s global spam traffic, which equates to around 14 billion spam emails a day.

But although spam levels dropped by a third, other botnet have taken the vacuum created by Rustock, notably Bagle which takes the number one position as top spammer.

Paul Wood at Symantec said:
“It remains to be seen whether the criminals behind Rustock will be able to recover from this coordinated effort against what has become one of the most technically sophisticated botnets in recent years. Rustock has been a significant part of the botnet and malware landscape since January 2006, much longer than many of its contemporaries.”
 
“Botnets have been and remain a destructive resource for cyber criminals and through the years have become the spammers’ air-supply, without which it would be very difficult for them to operate. Botnets are also used for other purposes such as launching distributed denial of service attacks, hosting illegal web site content on infected computers (known as bots), harvesting personal data from them and installing spyware to track the activities of their users.”

The antivirus review also reported that the number of email borne viruses is virtually static at one in 208.9 emails in the month of March. And of those infected emails, nearly 65% of them directed traffic towards malicious websites, a slight decrease on the previous year.

When it comes to phishing, there was a very slight decrease in activity in March, with one in 252.5 emails.

As for websites which might be harbouring malware, the antivirus review stated that around 3,000 websites a day are home for various malware and other unwanted programmes which included spyware and adware, although this was down an encouraging 28% since February.

Guest Article by Neil Camp 

One of the world’s largest computer security companies is warning that users of mobile devices such as smartphones are oblivious to the risks they are running.

AVG, which is based in Amsterdam and Orlando, says that some 89% of people are also unaware that smartphones actually transit confidential information. This is a worry for all the antivirus software industry.

And when it came to the question of smartphones, the owners of such devices as iPhones and BlackBerry handsets, as well as Android devices, seemed unaware of the capabilities of their devices when it came to the transmission of personal data.

There were three main findings from the report.

Firstly, that nearly 90% that responded to the AVG research report were unaware their smartphone can, without their knowledge, or consent, transmit confidential payment information such as credit card details;

Secondly, that just over 90% did not realise that financial applications which are used on smartphones can become infested with all sorts of malware (some of which can steal personal information such as credit card numbers and online bank usernames and passwords).

Thirdly, that just under 60% didn’t appreciate the fact that not logging off a mobile app properly (especially involved with a social media website), could make them vulnerable to malicious changes in their personal settings and other confidential information.

Other dangers were revealed, including unauthorised premium service orders on monthly bill and geo tracking linked to location data embedded onto image files.

AVG spokesman Dr Larry Ponemon said:
“The findings of this study signal what could be an overlooked security risk for organizations created by employees’ use of smartphones. Because consumers in our study report that they often use smartphones interchangeably for business and personal, organizations should make sure their security policies include guidelines for the appropriate use of smartphones that are used for company purposes.

The CEO of AVG Technologies, Mr Smith said:
“We have increasing responsibility to educate consumers on the dangers lurking in mobile broadband and to help users take ownership of their mobile data security. The mobile internet does not have to be a risky environment, though the industry must work together to encourage users to take action by downloading low-cost or free anti-virus products specifically designed to protect mobile data.”

AVG reckons that smartphone users need to shape up before they start transmitting personal data on their devices.

Guest Article by Neil Camp