The latest antivirus review from leading computer security company Symantec, which develops and markets the Norton range of products, has headlined its report with the news that global spam has dropped by a third.

The Symantec antivirus review notes that the infamous Rustock botnet has been dismantled, leaving the Bagle botnet to become the most active.

It’s been estimated that prior to its fall, the Rustock botnet was responsible for nearly 30% of the world’s global spam traffic, which equates to around 14 billion spam emails a day.

But although spam levels dropped by a third, other botnet have taken the vacuum created by Rustock, notably Bagle which takes the number one position as top spammer.

Paul Wood at Symantec said:
“It remains to be seen whether the criminals behind Rustock will be able to recover from this coordinated effort against what has become one of the most technically sophisticated botnets in recent years. Rustock has been a significant part of the botnet and malware landscape since January 2006, much longer than many of its contemporaries.”
 
“Botnets have been and remain a destructive resource for cyber criminals and through the years have become the spammers’ air-supply, without which it would be very difficult for them to operate. Botnets are also used for other purposes such as launching distributed denial of service attacks, hosting illegal web site content on infected computers (known as bots), harvesting personal data from them and installing spyware to track the activities of their users.”

The antivirus review also reported that the number of email borne viruses is virtually static at one in 208.9 emails in the month of March. And of those infected emails, nearly 65% of them directed traffic towards malicious websites, a slight decrease on the previous year.

When it comes to phishing, there was a very slight decrease in activity in March, with one in 252.5 emails.

As for websites which might be harbouring malware, the antivirus review stated that around 3,000 websites a day are home for various malware and other unwanted programmes which included spyware and adware, although this was down an encouraging 28% since February.

Guest Article by Neil Camp 

Antivirus reviews can take many forms and one from the EU cyber crime agency ENISA, questions how botnets are measured and their impact assessed.

ENISA stands for European Network and Information Security Agency and issues many antivirus reviews and advice documents throughout the year.

ENISA has written two studies about botnets which were published at a recent workshop in Cologne, Germany. They set out to evaluate the threat of the botnet problem and how effective are the current measures in dealing with them.

Botnets are basically a network of zombie computers which are used to send out millions of spam emails. Spammers rely on huge numbers to make their process work: you send out many thousands of emails and expect one reasonable reply (say an order, or someone submitting personal details). Just that one response out of thousands makes the spammer viable. But to send out millions of emails requires time and energy, and many computers.

The advantage with machines that have been compromised (usually by a Trojan which takes control without the user knowing) is that they are effectively anonymous and are not linked with the spammer. They sit there, performing the usual tasks for their owner, yet are also, unbeknown to their owner, performing other tasks for the hacker. And this might include issuing thousands of emails on a daily basis.

And each individual computer (the bot) which has been infected (the zombie) sits within a network of likewise compromised machines (the botnet).

Many local authorities in the UK have discovered that their PCs have been unwittingly enrolled into various botnets exploited by hackers throughout the world.

But ENISA say that the threat of the botnets might be overestimated, given that although millions of machines have indeed been infected, the hacker might be able to employ a fraction of those to perform a single task.

Indeed, the number of machines that can be exploited by the hackers is considerably smaller than many reports have initially suggested. This does not diminish the threat of such networks of zombie computers, but it does try to put forward a more realistic picture.

Both the ENISA antivirus reviews are available online.

Guest Article by Neil Camp 

Anyone reading antivirus reviews might be pleased to know which are the best and worst European nations when it comes to being protected online. And who will have clear consciences, and who will have red faces.

For most antivirus reviews it’s the Dutch who are the most protected Europeans online. As to the worst, it appears that Latvians lose most money when it comes to financial losses and Bulgarians are the most likely to have their computers infected with malware.

On this occasion, the antivirus review was published by the European Commission’s statistical office known as Eurostat. This published, on Safer Internet Day which was 8th February, a report on various Internet security statistics as collected from across Europe.

A key finding of the report involved the use of IT security software (which included both antivirus software and firewall applications) and the figures show that use of such protection was the most common in the Netherlands. Here it was shown that around 96% of all surfing computer users in Netherlands are protected by such computer security. In second place were a number of countries: Finland, Luxembourg and Malta.

Lagging at the bottom are Estonia, Latvia and Romania. Here it’s reckoned that only two-thirds of surfing computer users avail themselves of computer security programs.

The report also revealed that in the last 12 months, over 30% of Europeans had fallen victim to an attack from a computer virus.

When it comes to losing money, Latvians (8%) led the way, but, perhaps surprisingly to many, is the fact that Britain comes a close second (7%).

This should ring alarm bells even for those that seek out the best antivirus products, as Britain has a very sophisticated antivirus software industry. And education to use such products, are readily available.

It will be very embarrassing for the British IT security industry to learn that amongst their fellow Europeans, they are regarded as an easy target, despite all the applications that are available to buy from computer goods shops, or download from the internet.

Guest Article by Neil Camp 

It’s likely that the Burmese military leaders might be in the market for some antivirus software in order to help fend off a massive net attack which came just before the election.

Although no matter how many antivirus reviews they read, it might be to no avail, as a massive and concerted computer attack knocked Burma off the internet which happened before its first election in over 20 years on 7 November.

Many countries have not recognised the elections as being open and honest, with many claiming that the military authorities will rig the election to get the results they want. Election observers and media from outside the country have not been allowed access.

Security software experts believe that the net attacks started on 25 October, but grew to a peak just before election. And they say it was a deliberate attempt to overwhelm the country and knock it from the internet.

Burmese officials admit that the attack is currently ongoing. Despite obvious signs to the contrary, the Burmese generals are promising that the elections will lead to future democratic rule.

Many not surprisingly dispute this claim, saying that the election is nothing more than a sham and is in fact an attempt to keep the military not only in power, but also to tighten their grip on absolute political control.

The party most likely to succeed in the elections, the National League for Democracy (NLD) was not allowed to participate. It’s leader Aung San Suu Kyi remains under house arrest. It was her party that won a landslide victory in 1990 –a result which was declared null and void by the military leaders.

The attack takes the form of a Distributed Denial of Service, which is known as a DDoS. It’s simple in nature and acts to flood a target with too much data, effectively making it give up after being over-loaded.

The power to launch such a DDoS is gathered together using botnets which are networks of compromised computers – some in the home, some in the office – that are machines which have been enslaved by a malicious virus and periodically exploited to attach others. Thus machines from around the world will have been used in the attack.

The problem for Burma is that its links to the internet via satellites and cables that support data at around a maximum transfer speed of around 45 megabits of data per second. When the attack was at its worst, the connections were being bombarded with around ten gigabits of data every second, bringing the system crashing down. Experts said that the attacks were extremely sophisticated and were coming from many different sources.

A spokesman for the Burmese Yatanarpon Teleport company had told the AFP News Agency, before the election:
"Our technicians have been trying to prevent cyber attacks from other countries. We still do not know whether access will be good on the election day.”

A good time to read our own antivirus reviews perhaps?

Guest Article by Neil Camp  

Anti virus reviews and independent testing centre AV-Test.org has issued its latest set of quarterly results. They tested 19 products within their multi-layered certification scheme.

One of the most surprising conclusions from the antivirus reviews and testing procedures this time, was that some of the major companies and their products did not meet the required standard.

Two notable examples of products failing to reach the grade were McAfee’s Internet Security and Microsoft’s Security Essentials, which is a free-for-home-use application. This was the second quarter running that the McAfee application was denied certification.

On the plus side, Trend Micro upped its performance from a poor showing in the last test and achieved its first certification.

The testing scheme, which was launched earlier this year, is made up of a number of key testing components which balances protection against live threats, and then how they are handled, including clean-up and usability issues. Also, impact upon computer speed and the number of false positives are also considered.

For a product to be granted certified status, a minimum score is needed from the complete range of tests.

Both the McAfee and Microsoft applications had problems in the protection and removal categories, although they did score well in other parts of the test.

Another poor shower was Norman’s Security Suite which also managed to not get an award for the second quarter in a row.

In contrast a number of companies and their applications did achieve passes. Norton, developed by Symantec, got the highest score overall, with successes from Webroot, PC Tools, Panda, Kaspersky, GData, F-Secure, ESET, BitDefender, Avira, AVG and Avast.

Anti virus reviews are commonplace these days, but for the large security software companies to fail to score highly with their products, especially given their resources and the money they cost, is somewhat embarrassing for two of the largest players named in this review.

It would be interesting to hear if the companies concerned are happy with the testing criteria and methods used.

Guest Article by Neil Camp