Friday 18th May 2012

Archive for the ‘UpDates’ Category

Botnet Threat Misleading?

Friday, March 18th, 2011

Antivirus reviews can take many forms, and one from the EU cyber crime agency ENISA questions how botnets are measured and how their impact is assessed.

ENISA stands for European Network and Information Security Agency and issues many antivirus reviews and advice documents throughout the year.

ENISA has written two studies about botnets which were published at a recent workshop in Cologne, Germany. They set out to evaluate the threat of the botnet problem and how effective the current measures are in dealing with it.

Botnets are basically a network of zombie computers which are used to send out millions of spam emails. Spammers rely on huge numbers to make their process work: you send out many thousands of emails and expect one reasonable reply (say an order, or someone submitting personal details). Just that one response out of thousands makes the spammer viable. But to send out millions of emails requires time and energy, and many computers.

The advantage with machines that have been compromised (usually by a Trojan which takes control without the user knowing) is that they are effectively anonymous and are not linked with the spammer. They sit there, performing the usual tasks for their owner, yet are also, unbeknown to their owner, performing other tasks for the hacker. And this might include issuing thousands of emails on a daily basis.

And each individual computer (the bot) which has been infected (the zombie) sits within a network of likewise compromised machines (the botnet).

Many local authorities in the UK have discovered that their PCs have been unwittingly enrolled into various botnets exploited by hackers throughout the world.

But ENISA says that the threat of botnets might be overestimated, given that although millions of machines have indeed been infected, the hacker might only be able to employ a fraction of those to perform a single task.

Indeed, the number of machines that can be exploited by the hackers is considerably smaller than many reports have initially suggested. This does not diminish the threat of such networks of zombie computers, but it does try to put forward a more realistic picture.

Both the ENISA antivirus reviews are available online.

Guest Article by Neil Camp 


Antivirus Software Helps Avoid Data Scams

Thursday, March 17th, 2011

Having antivirus software is one of the best ways to avoid a data scam, which is a positive point given that these particular forms of attack are on the increase.

Those without antivirus software should be aware that online data scams are very much on the increase and one major website believes it to be a growing trend.

So just what does data capture involve? It’s the capture, for nefarious means, of personal email addresses, home addresses and telephone numbers; indeed, it’s the capture of as much personal detail as possible.

And this can be done easily online if surfers do not use antivirus software, or indulge in ‘unsafe’ practices whilst using the internet.

One of the classic ways to trick surfers into divulging their personal details is to target those that are constantly searching the internet for special offers and bargains. There are thousands of ‘fake’ websites out there that say they offer superb deals, or free samples, when it is in fact a ruse to get people signed up and providing their personal details.

One of the most popular tricks nowadays is the websites which say they offer free iPhones, whereas in reality all they want to do is capture data for their own reasons. It’s not always as simple as offering free products, with the techniques used becoming more sophisticated, using such things as surveys and competitions, plus Facebook applications.

The users most at risk are those who tend to frequent social networking websites as scams can be spread virally within minutes.

The founder of a website which specialises in free items, Andy Varley, says:
“Data scammers are becoming savvier in the way they try to trick Web surfers. We are seeing more variety in the way companies look to harvest personal data, so it pays to be on your guard.

“If a form exists to capture data, you need to carefully consider how the website will handle the information submitted. In many cases there will be a catch.

“Legitimate sites exist but it can be easy to fall foul of a marketing scam. Genuine offers all display certain characteristics whilst rogue websites often sell details to third party companies. The end result is tons of junk mail and e-mail spam. In worse cases this could mean identity fraud.”

Mr Varley recommends a number of ways to avoid being caught, even if antivirus software is fully up to scratch.

Firstly, try to use websites that are offered by familiar companies, or brands. Secondly, check the Privacy Policy of the website you are using to see how your personal data will be used by the company. Thirdly, remember the old adage, there’s no such thing as a free lunch. If the offer seems too good to be true, then it usually is. Fourthly, when using a website, always use a secondary email, rather than your main personal, or work email. And finally, the most important of all, keep your computer updated with the latest antivirus software.

Guest Article by Neil Camp 


Bug’s Life

Wednesday, March 9th, 2011

Imagine this. Manufacture a car and make plenty of holes in it so that all sorts of nasties and indescribables can get in whilst you’re driving alone. And once your car has been infiltrated by these ‘outsiders’, they can disrupt the controls, or grab your wallet and nick your money.

Ridiculous? Yes, but when it comes to software applications, that’s what happens every minute of the day.

Indeed, if that happened in modern day cars, there would be a consumer outcry. But in the software industry, it’s the norm.

Software applications are complex lines of computer code. And the problem is that they are so complex (just lines of 0s and 1s) that it’s easy for a programmer (most modern day code is written in C++) to make a mistake.

Now it might be a minor mistake, but that’s all that a modern hacker (or cyber criminal, as they are known these days) needs to exploit the application. Because certain mistakes, or holes in the code (which are known in the trade as ‘bugs’), can be exploited. And the holes are in effect open portals through which hackers can insert new code, which is known as a virus. Basically, a virus is a line of command code which serves a purpose designed by the hacker.

It might be as innocent as a joke which can appear on the user’s screen at a given time; or, it might be as dangerous as monitoring the user’s internet surfing and eventually learning how to drain their bank account.

But the point is, that the code, complete with ‘bugs’, is sold by the computer companies as finished products.

Now, to be fair to them, if they were to produce a totally bug free product, it would take years longer to finish and to market. And, arguably, a bug free state would be almost impossible to achieve, because the hackers tend to evolve their strategies over time.

For example, take Windows XP (the Microsoft operating system) which is one of the most complex and sizable applications you can buy, with millions of lines of code. Only now, after a huge number of service packs and patches (literally shoring up the defences and closing the holes), is Windows XP almost watertight. It has taken years to reach this stage and since then, two further incarnations have been launched: Windows Vista and Windows Seven.

And although software developers are getting better, it’s still a sad fact that most complex software applications you can buy, will have bugs and will be vulnerable to hackers.

The only way to cope with this is by using tools from quality antivirus software developers. It is these companies which have inherited the role which many believe should have been taken seriously by the developers.

The downside is, that you have to spend extra to protect products that arguably shouldn’t have been sold until they were watertight. But if you wanted 100% security, then you might have to wait years for products.

So, a flawed industry? Yes. But is there a way out? Yes again: buy good antivirus software and when it comes to surfing, always be a cynic.

Guest Article by Neil Camp 


Buy Antivirus Software Or Risk Android App Viruses

Monday, March 7th, 2011

Users of personal computing devices, and that includes smartphones, buy antivirus software to keep themselves safe from viruses, so it must have been a little galling for them to learn that some nasties are being delivered by the official route.

But even those who religiously use antivirus software to keep themselves safe, were shocked to learn that some Apps purchased from the official Android Marketplace have been discovered to be ridden with viruses.

And whereas the cyber criminals used to focus their activities on desktop and laptop computers, as smartphones get ever more sophisticated, and used for many more things (including banking), they are becoming very popular targets.

So when news broke that 50 applications which could be downloaded from the Android Marketplace contained a virus, people were naturally shocked.

They are known as booby-trapped apps and are downloaded by mobile device users in good faith. One such application was said to have been downloaded over 200,000 times.

The cyber criminals are very clever though, which makes the work of detection that much harder. They copy existing, best selling apps and then re-package them as their own work. And within the copy they embed the malware. And malware is the word used to describe a virus; it’s basically code that is there with malicious intent (to get the host system to do something for the hacker).

Perhaps disappointingly, the viruses were not discovered by the operator of the Android Marketplace, but by an eagle eyed user of the website Reddit.

They realised that one app was listed under the name of a publisher that they knew had not developed, or marketed, the product. On investigation, they discovered that the app in question – which let people play a guitar on their mobile device – had the same appearance as the original app, but was being listed under another name. What’s more, this copy app contained malicious code. The person who discovered it realised that it had been downloaded up to 200,000 times whilst it had been on the app store.

On further investigation, the person also discovered another 20 odd apps that included the same string of code. Indeed, further parties discovered the code was included in more than 50 individual apps.

The virus code – known as DroidDream – has a number of malicious tasks to perform once it has infected its new host. Firstly, it sends data (including the phone’s unique identification number) to a remote server. Secondly, it uses exploits to bypass the phone’s security controls and effectively allows the hacker to gain control. In short, the phone becomes a zombie which can be used at whim by the hacker.

Google, which operates the Android Marketplace, says it has brought down the offending apps and suspended accounts where necessary. It also points out that the latest Android operating system, which goes by the name of Gingerbread, cannot be infected by DroidDream, although this does rely to some extent on a remote removal facility.

Rik Ferguson, who wrote about the incident on the Trend Security blog, said, when discussing the remote removal facility:
“This remote kill switch will not remove any other code that may have been dropped onto the device as a result of the initial infection. This greater openness of the developer environment has been argued to foster an atmosphere of creativity, but as Facebook have already discovered it is also a very attractive criminal playground.”

The moral of the tale? Buy antivirus software for your smartphone, as well as your desktop and laptop.

Guest Article by Neil Camp 


Internet Security Google Style

Sunday, March 6th, 2011

When it comes to internet security, Google, like other huge portals, is a sitting target for cyber criminals and hackers, but shortly after news of yet another hitch with its email system (thousands of emails having ‘disappeared’), comes an announcement that the search engine giant has acquired a company called Zynamics.

German based Zynamics, an internet security company which focuses on software analytics, was founded in 2004 by Thomas Dullien, the current Chief Executive Officer.

Zynamics researches the automation of reverse engineering and code analysis. In terms of its product line up, it produces four reverse-engineering tools: BinDiff, VxClass, BinNavi and BinCrowd. These four products are used by thousands of researchers in the internet security community.

Google was tight lipped about the price it paid for the company and exactly where it fits, but experts believe that it will be used to enhance the protection Google already uses to protect its users.

The latest incident to hit Google concerns a number of missing Gmails, although they have since announced that the problem was not a virus, but a software bug. There’s a big difference between the two. Viruses are ‘man made’ bits of code that are developed and inserted into applications for nefarious reasons. A software bug is usually a faulty line of code (say a missing instruction) which can cause a shutdown, or a wrong action. The problem is that many bugs are in effect holes in the wall which barbarians can exploit to deliver viruses.

So although bugs are innocent, they are often the precursor to a cyber attack as they represent weak parts of the application’s defences.

In this case, Google have admitted that a number of emails went ‘missing’ (accounts were accidentally wiped) but, as they put it, were never lost. And because they are backed up on tape, they were replaced in a matter of days. They confirmed that just 0.02% of 170 million odd customers were affected.

Google handles such matters in its official Gmail blog and this is what it said:
“I know what some of you are thinking: how could this happen if we have multiple copies of your data, in multiple data centres? Well, in some rare instances software bugs can affect several copies of the data. That’s what happened here. But restoring data from them takes longer than transferring your requests to another data centre, which is why it’s taken us hours to get the e-mail back instead of milliseconds. Thanks for bearing with us as we fix this, and sorry again for the scare.”

Google will be hoping, when it comes to internet security, for not too many scares in the future.

Guest Article by Neil Camp 
