Friday 18th May 2012

Posts Tagged ‘antivirus’

Spam Levels Down

Tuesday, February 8th, 2011

Software antivirus giant Symantec – developer of the Norton brand of products – has issued its January 2011 MessageLabs Intelligence Report.

Symantec, one of the largest software antivirus companies in the world, revealed in its latest monthly report that global spam levels were down, although spam still accounts for some 78.6% of all email traffic sent. That is the lowest level since March 2009, when the rate had dropped to 75.7%.

The drop, says Symantec, was due mainly to three botnets – Lethic, Rustock and Xarvester – stopping operations and disagreement amongst a number of pharmaceutical spam-sending gangs.

A senior analyst at Symantec said:
“The closure of spam affiliate, Spamit, was partially responsible for the disruption to spam output. However, there are likely other factors at work, such as consolidation and restructuring of pharmaceutical spam operations which has led to instability in the market likely to be exploited as a business opportunity by other spam gangs. We expect to see more pharmaceutical spam in 2011 as new pharmaceutical spam brands emerge and botnets compete for their business.”

Botnets are hugely important when it comes to spamming, and it's reckoned that they were responsible for much of the spam circulating the globe. Indeed, Rustock accounted for nearly half of all spam sent and, on one day alone, might have sent in the region of 44 billion spam emails. This gives it the distinction of being the single largest spam-sending botnet.

The Symantec analyst said about Rustock:
“At various points during Rustock’s history, the botnet has often exhibited irregular spamming patterns by sending huge volumes of spam before going quiet for several weeks at a time. But throughout 2010, its spamming pattern was more regular and it had been active non-stop until December 2010. Our investigation revealed no evidence of Rustock being disrupted in any way either by law enforcement or through other action.”

The bad news, though, is that Rustock has resumed spamming – although not at its previous levels – and the Bagle botnet has taken over where the others left off, accounting for 20% of all spam emails; a figure which is growing.

Other parts of the report show that the number of email-borne viruses is down as well, with one in 364.8 emails containing a virus, which equates to 0.274% and compares with the previous figure of 0.3%. And phishing slightly increased, with one in 409.7 emails explaining a get-rich-quick scheme.

Which goes to show that the need for software antivirus programmes has not at all lessened.

Guest Article by Neil Camp 


Lush Hacked

Monday, January 31st, 2011

Antivirus software is something that many online shoppers have come to depend upon, so it must come as a bit of a shock for users of the Lush website to find their credit card details being attacked by a gang of determined cyber hackers.

Indeed, few would doubt that antivirus is a good idea, but it's not just the individual computer user who has to be careful – companies and their websites need protection as well.

Lush is a cosmetics website and it would appear that it was penetrated over a four-month period spanning October 2010 to January 2011. The site was brought down by the management on 21 January, 2011. Its usual home page was replaced with one that mentioned the attack. It told users of the website that anyone who placed an order between the start of October (4th) and near the end of January (20th) should now contact their card's issuing house to ensure that it had not been compromised.

A number of Lush customers have reported problems with their cards and say fraudulent transactions have happened since using the compromised website. The Lush Facebook page bore the brunt of customer anger, as users complained that the problem had not been spotted early enough, taking place as it did over four months, and said that they were seeking compensation from the company. It was not only the fact that the cards might have been used by someone else, but that the mere threat of a fraudulent charge meant that cards had to be cancelled and renewed.

A security expert told the BBC:
“I was initially alerted to the attack by one of my own friends whose card, along with her husband’s, have subsequently been used to make fraudulent purchases totalling almost £6000 from well-known online retailers. The risk of these stolen card numbers being used by criminals has already moved from the theoretical to reality.”

The Lush management said that more had been done to stop the problem than might at first be apparent to its customers. A director of the company, Hilary Jones, explained that they had first become aware of the issues on Christmas Day and the site was brought down promptly. Then management set about discovering the intentions of the hackers, whether to steal money, or just be awkward.

The first sign of trouble came when large numbers of small transactions began to appear. This is a way that hackers ‘test’ a credit card to see if it is ‘live’ and worth exploiting. What’s more, she emphasised that the site was not penetrated all the time during the four-month period, but that this was the window needed to safeguard their customers.

She said: “As an ethical company we could not keep that information to ourselves. We had to tell a huge raft of customers. We really want to make sure we cover all possibilities. We wanted to tell more customers than less.”

The Lush website has since been replaced by a new online shop and payments will only be accepted through PayPal, which just goes to show that all companies must also make sure they have the best possible security software.

Guest Article by Neil Camp 


Twitter Spam

Thursday, January 6th, 2011

The mantra from the computer security industry has always been buy antivirus software, and these are wise words considering the number of concerted attacks on systems and websites.

One of the latest attacks, and one which reinforces the buy antivirus software mantra, was directed at online gossip website Gawker Media. The hackers managed to get into Gawker servers, and the result was that 1.3 million user account passwords were compromised in the attack. The hackers then posted the file with all of the details onto a file-sharing site that has been associated with the infamous 4Chan.

To add insult to injury, the group ‘Gnosis’ released a file taken from Gawker on the file-sharing website BitTorrent, and more passwords were put at risk.

With the passwords at their fingertips, spammers got into thousands of Twitter accounts and used the opportunity to advertise dieting pills. Although the motivation for the attacks has not yet been ascertained, it is not the first time that Gawker has suffered in this way.

In the past it has also been used to obtain passwords that were then used to hack into Twitter accounts and publish messages of support for the whistle-blowing website Wikileaks, most likely in response to Gawker’s publishing of blogs that are critical of Julian Assange, Wikileaks’ founder.

Graham Cluley, a consultant at security firm Sophos, highlights the dangers of a password being discovered: “Anybody that has had their Gawker account details published can expect to be targeted by other hackers. Every identity thief, hacker and spammer out there will be attracted to that password file.”

Rik Ferguson, a security researcher at Trend Micro, highlights a problem that has led to so many passwords being accessed so easily: “It’s all too common that people use the same password for multiple accounts.”

Internet security advisors and websites are therefore continuing to stress the importance of using varying and complex passwords. Users are encouraged not to be put off by having to remember difficult passwords; all passwords, Mr Ferguson claims, can be made simple to remember. This is particularly pertinent advice, as in the latest attack on Gawker, the passwords that were used by spammers were the ones that were simple, and therefore easy to crack.

Harvesting passwords and allowing spammers into people’s accounts is a fluid and increasing activity, and although in this case it was only social network accounts that were affected, it could have been much more serious information that was accessed. For banking details and other personal information, more complicated and safer passwords are a necessity, stress industry officials. This, combined with the right kind of software, can help keep your most personal details secure. The mantra buy antivirus software has never been more relevant than in today’s world of sophisticated hacking.

Guest Article by Neil Camp 


US Targets Fake Pill Websites

Thursday, January 6th, 2011

Antivirus firewall software is not going to stop internet surfers accessing websites that sell fake or unlicensed medicines, but the US Government is determined to target such operations.

The problem is that antivirus firewall software cannot determine the legitimacy of online products, especially on sites selling pills, and although it will guard against malicious attacks, the confused consumer can easily be tricked. This is the concern of the US government, which has given a solid promise to try to shut down web stores that sell a wide array of pills and drugs.

Alongside its promise of affirmative action, it also hopes to educate internet users about the dangers of trusting such websites and buying potentially harmful drugs over the internet. The number of users who buy pills over the internet totals nearly 36 million, and that is in America alone. These unlicensed pharmacies are not only illegal, but dangerous.

Victoria Espinel, US intellectual property enforcement co-ordinator, says: “Those who sell prescription drugs online without a valid prescription are operating illegally, undercutting the laws that were put in place to protect patients, and are thereby endangering the public health. It is a real wake-up call that so many Americans have engaged in this dangerous behaviour.”

It is not only the US government that has pledged to help in the crackdown; internet search engine giants, net hosting companies and payment providers have all given their backing to the government’s drive. Google, Network Solutions, Visa, MasterCard and PayPal have all given their names to the operation.

With these names, combined with the power of the government, the US hopes to target every area and block up any gap that may allow unlicensed pharmacies to ply their illegal and dangerous trade to online users. A variety of methods will be used: for example, taking websites offline, delisting domains known to be used by unlicensed pharmacies, and even stopping payments from getting to their pockets. By taking this proactive approach, they hope to quash this alarming trend.

Of course, the question must be asked as to why so many Americans risk their health by using unlicensed pharmacies online. It has therefore been decided that, alongside the crackdown, research should be undertaken to see why Americans buy pills online in such alarming numbers. Drugfree and the Alliance for Safe Online Pharmacies are part of the team undertaking research.

Steve Pasierb, president of non-profit Drugfree.org, says: “The abuse of prescription medications is one of the most troubling public health problems in our country today.”

It is hoped that by combining a proactive crackdown with research, and with education campaigns, the trend for Americans to buy pills over the internet from unlicensed pharmacies can be reversed. In this case, technology such as antivirus firewall software is not the answer to the problem, but it is hoped that a concerted human effort will bring down illegal pill-peddlers in the US.

Guest Article by Neil Camp 


Malware Writers Working Inside Antivirus Security Companies

Thursday, January 6th, 2011

It’s being alleged that malware writers are alive and well in a number of antivirus security firms.

Many of these antivirus security allegations are centred on activities in China. The centre of many alleged fraud scandals, China has its fair share of cases involving malware writers using their talents to bring down competing antivirus software companies.

The latest outrage is focused around a former official at Beijing Municipal Public Security Bureau, who has been given a ‘suspended death sentence’ after being found guilty of corruption.

The long-running rivalry between Rising and Micropoint (Micropoint being founded by former employees of Rising) is at the centre of this conviction. Yu Bing, the security official, was partly convicted for mass embezzlement and corruption because of his alleged crimes against Micropoint. The government accused Yu Bing of denying Micropoint access to official testing, and of actions that led many Micropoint employees to be accused and convicted of creating malware to advance their position. Rising have been quick to distance themselves from the case.

The ‘Epoch Times’, a Chinese anti-establishment news source, levelled the accusations at Rising, but believes that Rising is one of many companies in the security industry that create malware for their own benefit. It calls this ‘an open secret’, and claims that the industry is rife with this sort of corruption and fraud.

Other antivirus and security companies across the world are, however, not so quick to believe the allegations. John Hawes, a Technical Consultant at Virus Bulletin, said: “It seems pretty unlikely that anyone working in a serious security firm would consider creating their own malware. This is an industry which relies heavily on trust and respect between competitors; there’s a very strong moral code which totally forbids anything like that. Many outside the industry seem to find it amusing to suggest such theories, but most researchers will have heard the same thing many, many times. Those in the know are well aware that creating new malware is not only unethical but pointless…”

This latest row over allegations of corruption in the industry is only one in a long, convoluted series of events and stories coming out of China. The author of the Fujacks virus (also known as the ‘panda-burning-Joss-sticks’ virus, due to the cartoon icon that appeared in the place of the file it had infected), Li Jun, is believed to have been hired by the Spanish firm Panda. The reports suggested that the convicted malware writer was hired by Panda to advance its own name to the detriment of its competitors, but this was quickly denied by Panda, which claims it was a misunderstanding arising from some Chinese software marketing.

With the allegations that malware writers are helping companies to beat their rivals, one can only hope that the effectiveness of these antivirus security firms is not impeded, and that they can continue to keep users’ computers safe from internet threats.

Guest Article by Neil Camp 


The Editor

Alan Potts

My name is Alan Potts and I'm the Editor of the Antivirus-BUYability web site and Managing Director of BUYability Limited.

© BUYability