BitDefender, the creator’s of one of the industry’s fastest and most effective lines of internationally certified security software, has released some top tips for festive shoppers to take whilst online shopping.

Says BitDefender’s senior Antispam researcher Catalin Cosoi
“Taking advantage of the many benefits of online shopping like competitive pricing, great selection, or even freebies like zero shipping fees and free gift wrapping, doesn’t have to cost consumers more than they’ve bargained for.

“By being aware of a few key issues, consumers can shop safely with the knowledge they need to protect their personal information and their PC.”

First top tip is know where you’re shopping from and read the small print. BitDefender are keen to remind people that not every website is legimate, with some cybercriminals either creating virtual copies of well known branded sites, or creating their own very convincing merchant sites. In short, only buy from those who are genuine high-street, or online retails.

Second top tip is beware of those online merchants who want more than your name and email address in order to cash in a coupon. Remember that a legitimate site will not ask for more than is necessary to redeem the coupon. But many illegal and bogus sites target online shoppers with online promotions and to entice a consumer to enter personal information in order to receive coupons or other merchandise. This is then used elsewhere, mainly to build clone identities.

Third, and anyone who ignores this point do so at their peril, never use a PC to shop unless it has an up-to-date and properly working security suite on board. Surf, or email, without such a security suite and it’s only a matter of time before you become infected.

Fourth, stick to the sites you know and trust, or have used successfully before. If unsure about a site, have a look in the chat rooms and forums, and see if there are any rumours, or gossip.

Fifth – remember the old adage that there is no such thing as a free lunch. You must be very wary of special offers, or unbelievable deals. They can often end with your computer being infected.

Sixth tip; use credit cards where possible, as they offer more protection than debit cards, and even better, see if you can pay cash on delivery.

Finally, look out for the https connection to a website. It’s not a guarantee of safety, but most of the sites thus connected are safe.

Guest Article by Neil Camp 

As the festive time approaches, McAfee is warning people to be on the look out for a whole host of scams and online attacks.

Ironically, the season of goodwill can be one of the most dangerous times to be online, as cybercriminals take advantage of the holiday season to steal consumers’ money, identities and personal and financial information.

Jeff Green, senior vice president of McAfee Labs, said:
“Cybercriminals’ use their best schemes during the holidays to steal people’s money, credit card information, social security number and identity. These thieves follow seasonal trends and create holiday-related websites, scams and other convincing e-mails that can trick even the most cautious users.”

So McAfee have listed the top 12 scams of Christmas.

• Number one is the invidious charity phishing scam. At Christmas, many people’s minds turn to giving to charity and this is also the time when the number of phishing emails that seem genuine – but are in reality bogus and designed to steal donations, credit card information and the identities of donors – jump dramatically.
• Number two concerns companies who are extremely busy during the festive season with orders and aren’t always as observant as they should be. Cybercriminals are adept at sending out fake invoices and delivery notifications appearing to be from the large courier companies, but which are designed to obtain credit card details to credit back the account (money for nothing in effect), or require users to open an online invoice or customs form to receive the package. And once that is completed, the person’s information is stolen or malware is automatically installed on their computer.
• Number three is when cybercriminals exploit people on social networking websites. Christmas is a time when people often communicate and catch up on things, and as such, they are open to attack. Hackers send out genuine looking “New Friend Request” e-mails from social networking sites, but many users fail to realise that there are often platforms for all types of viruses.
• Number four is the popularity of holiday e-cards at this time of year. McAfee discovered last Christmas a worm masked as Hallmark e-cards and McDonald’s and Coca-Cola holiday promotions.
• Number five is about offers that appear to be a really good deal. Recently McAfee uncovered a new holiday campaign that leads shoppers to malware-ridden sites offering luxury gifts from Cartier, Gucci, and Tag Heuer with apparent huge discounts. The products never existed of course, but the cybercriminals use such tactics to part people with their personal and financial details, and then their money.
• Number six – online shopping has exploded over the recent years, but those people who use hotspots (found in cafes, airports and hotels) should be careful if they make purchases then and there. Users on open hotspots can be spied by hackers who can then steal personal and financial information. McAfee reminds people that they should never shop online from a public computer or on an open Wi-Fi network.
• Number seven is another scam which dispassionately exploits people at Christmas. Those searching for a holiday ringtone or wallpaper, Christmas carol lyrics, or a festive screensaver, can be directed towards bogus websites which contain files, to be downloaded, that infect a user’s computer with spyware, adware or other malware.
• Number eight is another scam which targets people who are especially vulnerable. Out of work people can become especially desperate in the approach to a holiday season to try and obtain work, in order to afford Christmas. Cybercriminals are quick to promise of high-paid jobs and work-from-home moneymaking opportunities. But, of course, once interested persons submit their information and pay their “set-up” fee, hackers steal their money instead.
• Number nine is scams which involve cybercriminals preying on auction sites which become especially busy during the holiday periods. The solution here is for buyers to be very cautious about what goods they are buying and who from. Basically, if it looks a great deal, then be sceptical.
• Number ten is a perennial problem: the password stealers. To do most things on the internet requires a password; anyone who copies that password can then masquerade as a particular person, download their financial and personal details, and even order goods on their behalf. Passwords are stolen in a number of ways, not least pieces of code, malware, which record keystrokes and key logging activities. These can then be used to calculate a given password.
• Number eleven is another perennial: email banking scams which tend to increase during a holiday period, as the logic goes that people are more anxious to ensure they don’t get locked out of their account during busy purchasing times. It involves tricking customers in revealing their bank details by sending official-looking e-mails from financial institutions. The email, which is usually quite a good copy of the real thing, asks users to confirm their account information, including a user name and password, with a warning that their account will become invalid if they do not comply.
• Number twelve is the increasingly used ransom scam. Using several holiday scams, hackers gain control of people’s computers and then act as virtual kidnappers to hijack computer files and encrypt them, making them unreadable and inaccessible. The scammer’s pitch is then simple: pay me money and I will release your computer’s files. Straightforward and effective, but particularly nasty.

Guest Article by Neil Camp 

Computer security giant McAfee says that things have got worse in the last quarter with spam, malware and web-based threat creation reaching record levels.

McAfee’s latest Third Quarter Threats Report, which covers July to September 2009, also revealed that the number of new file-sharing sites which host unauthorised, copyrighted content increased dramatically. What’s more, another trend on the increase is the number of cybercriminals who are extorting website owners with threats of denial-of-service attacks.

There was a 300% rise in the creation of file-sharing sites following the brief shutdown of the Swedish based Pirate Bay operation. Pirate Bay was a torrent site, one that can host links to copyrighted material and very controversial in the authorised spread of content. And with this huge rise in the number of similar sites, cybercriminals are presented with the ideal opportunity to exploit the way certain sites share content. Malware writers are skilled at creating sites to trick users looking to download copyrighted material into downloading malicious programs.

And McAfee warns that the number of these malicious sites could dramatically increase during the fall and holiday blockbuster film seasons.

File-sharing site problems to one side, McAfee reported that spam and malware levels have reached a record high, with threats surpassing previous levels in the last quarter. And rather gruesomely, web-based attacks have also increased as cybercriminals take advantage of celebrity deaths and natural disasters. At such times, website activity and email traffic dramatically increases, and malware authors quick to take advantage of such news stories and chat to hide their malicious intentions.

McAfee now reckon that of all email traffic, some 92% is spam. In other words, a tiny 8% is legimate email traffic.

The increase in web-based attacks – which target people who visit a malicious Web page, and are delivered to users through spam, phishing, social networks and even through redirects from hijacked legitimate websites – are fast becoming the most dangerous weapon wielded by a cybercriminal.

And McAfee estimates that 55% of all malicious URLs are hosted in the US. What’s more, cybercriminals are getting increasingly effective at utilising SEO techniques to drive traffic to the bad sites.

Denial of Service attacks are a particularly odious tactic employed by cybercriminals and McAfee has seen many more attacks in the latest quarter, and with some involving significant ransom demands.

Cybercriminals are offering for sale, to the highest bidder, botnets which are made up of thousands of zombie computers to attack sites. The botnets are used to knock out even some of the most-protected sites. And when offering such sophisticated botnets, the cybercriminals will often demonstrate their capability to prospective buyers with ‘live’ demonstrations, bringing down targeted websites for a few minutes.

Just recently, four Australian sports betting companies were targetted by cybercriminals and their sites taken down during key sports events, which resulted in the loss of millions of dollars of revenue.

Guest Article by Neil Camp

A recent report from computer giant Symantec – creator of the Norton brand of anti-virus products – has concluded that cybercriminals are employing increasingly persuasive online scare tactics to convince users to purchase rogue security software.

“Scareware”, a term for rogue security software, pretends to be legimate anti-virus applications and ironically, are often carriers of malicious code themselves.

The findings were part of Symantec’s Report on Rogue Security which is based on data obtained during the 12-month period of July 2008 to June 2009.

It is a simple case of preying on people’s fears that they may be vulnerable to attack say Symantec, who as of June 2009, had detected more than 250 distinct rogue security software programs. The most common method used by cybercriminals to infiltrate their rogue software involves placing ads on the screens of unsuspecting users which typically include false claims such as “…if this ad is flashing, your computer may be at risk or infected…” It urges the user to follow a link to scan their computer, or get software to remove the threat.

Worryingly, according to the study, 93% of the software installations for the top 50 rogue security software scams were intentionally downloaded by the user.

Stephen Trilling, Senior Vice President, Symantec Security Technology and Response, said
“The findings of our Report on Rogue Security Software make it clear that cybercriminals are willing, eager, and well-equipped to prey on today’s Internet user. To avoid becoming a victim of such predatory practices, Symantec strongly urges Internet users to make sure they are using the latest security protection and always obtain their security software directly from trusted vendors’ websites.”

Furthermore, said David Wall, PhD. professor, Centre for Criminal Justice Studies, University of Leeds:
“Scareware creators can scam thousands of people for comparatively small amounts of money all at the same time and make huge aggregate profits. This type of fraud works because the fake security software tricks users into believing they have an immediate threat which only their program can resolve. Ultimately, it’s a con. I would advise Internet users to be careful while online and only download from trusted sources.”

The report stated that the money lost by people downloading such rogue software programmes varied from $30 to $100, but the costs of regaining back personal details from an identity attack could be far greater.

It also said that not only did these pieces of malicious code try and attack a user’s computer, they could set-up a person’s computer for future attacks from other cybercriminals.

Symantec, like many other computer security companies, actively advises people to be aware that their personal details can be sold and bought on the internet in what is a thriving trade between cybercriminals.

They also advise computer users to be on their guard against the tricks employed by cybercriminals to get their rogue software in place.

Computers users should employ a number of tactics to keep themselves safe, including:

• avoid using website links in emails. Although it may look like a site you know, it may have been subtly altered into appearing to look the same, but actually link you to bogus site which does contain malicious software;
• when emails arrive with attachments, ensure they are from trusted sources, otherwise never view, open, or execute them;
• be suspicious of emails not directly addressed to your email address;
• beware very aware of pop-up windows and banner advertisements that mimic legitimate displays;
• look out for suspicious error messages displayed inside the web browser which are used by rogue security software scams use to lure users into downloading and installing their fake product.

Guest Article by Neil Camp

Reports form the BBC suggest that Google’s Gmail and Microsoft’s Hotmail have been under siege from phishing attacks which have targeted thousands of service users in an industry wide scheme.

Both Google and Microsoft have moved to stem any damage. Users of Yahoo and AOL email services were also hit.

The BBC stated that they were shown two lists which contained the name and passwords of 30,000 people who use Gmail, Hotmail, Yahoo and AOL email services. And the lists were said to have been posted on the web for anyone to access.

Google told the BBC that only 500 of its customers had been named, although it said a third list was in existence, but declined to give numbers.

A Google spokesperson said:
“We recently became aware of an industry-wide phishing scheme through which hackers gained user credentials for web-based mail accounts including Gmail accounts.

“As soon as we learned of the attack, we forced password resets on the affected accounts. We will continue to force password resets on additional accounts when we become aware of them.”

Google appeared keen to highlight that the scheme did not actually breach Gmail security, but involved a none too uncommon scam which persuaded people to give away their personal information to cyber criminals.

A phishing scheme is one which usually involves bogus emails purporting to be from a bona fide organisation which invites recipients to send back their personal details, log-in usernames and secure passwords. And despite frequent warnings from the organisations themselves and computer security experts not to give away personal details to anyone, phishing attacks remain very successful in their simplicity and ruthlessness. Most are based on a good copy of a bona fida email and most introduce an element of bullying into their message: act now, or account will be closed down.

This particular scheme started when 10,000 Hotmail addresses were posted online at Pastebin, a website mostly used by developers to share code. But that was just the start, with a further 20,000 names being uploaded which contained e-mail addresses and passwords from Hotmail, Yahoo, AOL, Gmail and other service providers.

Although some of the details were old, or indeed fake, many were genuine.

A Microsoft spokesperson said:
“Our guidance to customers is to exercise extreme caution when opening unsolicited attachments and links from both known and unknown sources, and that they install and regularly update their anti-virus software.”

A person from Yahoo reiterated the rest, urging its customers to “…
take measures to secure their accounts whenever possible, including changing their passwords…”

Computer security industry experts called for the providers to do more to educate their customers as regards the dangers of such phishing attacks.

Guest Article by Neil Camp

Growth in UK cybercrime increased throughout 2008 at levels not seen since 2006.

And the reason is the credit crunch, says Garlik’s third annual UK Cybercrime report, which fuelled a massive growth in cybercrime. Another contributing factor has been consumer complacency.

The researchers behind the report analyse public data to build a comprehensive view of cybercrime. It was clear that during 2008 cybercriminals adapted to the social and economic changes in the UK to exploit victims in new ways and commit over 3.6 million criminal acts online (that’s over one every 10 seconds).

Furthermore, a growing complacency was noted amongst consumers which demonstrated poor understanding of their responsibility to protect their personal information against fraud.

This was reinforced by findings which showed a 20% increase in account takeover, indicating that criminals have now shifted their efforts from opening new accounts with stolen identities to accessing existing accounts.

The report also discovered that online banking fraud increased by a staggering 132%, with losses totalling £52.5 million, compared to £22.6 million in the previous year. And responsible for most of this were 44,000 phishing websites which specifically targeted UK banks and building societies.

Tom Ilube, CEO, Garlik, said:
“We fear that account takeover fraud will continue to increase in 2009 due to the decline of available credit and tighter credit checking by the banks. Consumers must be extra vigilant of all their online and financial accounts as well as avoiding increasingly convincing phishing scams.

“As threats shift and change, it is essential for consumers to take steps for their own safety: even if they think that it is ‘someone else’s problem’. It is not. Consumers need to be smart online and stay one step ahead of the cybercriminals.”

Dr Stefan Fafinski, of Invenio Research which owns Garlik, said:
“One possible explanation for the sharp rise in cybercrime lies in the consumer reaction to it. Identity theft in particular received a great deal of media and public attention in 2006. As a result, many consumers took the first steps to protect themselves, buying shredders and anti-malware software to feel secure but have since become too complacent and as a result have been hit by the next wave of cybercrime”.

Guest Article by Neil Camp

Cyber crime has become bigger than drug trafficking for the criminal fraternity. Whats more, say security company Symantec who develop the Norton software range of anti-virus products, one in five people will become a victim of cybercrime in the future.

Symantec research has shown that every three and a half minutes a crime is committed on the streets of New York City, and that every two and half minutes a crime is committed on the streets of Tokyo. Compare that though with every three seconds an identity is stolen online; that’s nearly 10,512,000 identities each year.

And one of the real attractions for cyber criminals is not only the profitability of such crimes, but their anonymity as well, which makes online crimes much more difficult to prosecute than offline crimes.

In response, Symantec has launched a self-styled ‘crusade’ against viruses. It claims to be exposing the inner workings of one of the largest illegal industries in the world and in doing so, hopes to help provide the information that people need to stay protected through a collection of educational and actionable assets and corporate actions.

These include:

• Internet Black Market video series. These videos invite people to take a virtual tour and learn how the online criminal marketplace operates, including what is for sale and highlight the latest cyber thief schemes;
• Every Click Matters website. This takes what they claim to be an entertaining and educational look at the world of cyber crime, exploring digital dangers and who’s behind them, understanding whether cyber crime can actually do to people and educate them on what you can do about it;
• Norton Online Risk Calculator. Could be a useful add on as it offers a quick and free tool to evaluate a user’s risk level and provides an estimated value of their personal data to thieves in the criminal underground;
• “Cyber Crime Exposed” Booklet. This educates on the threat of cyber crime, the risk it poses and how to safeguard against it through simple everyday steps;
• Norton Internet Security 2010 and Norton AntiVirus 2010. Symantec lobbies governments and other agencies and organizations around the globe to support and influence legislation, policy and public education as it relates to online crime, Internet safety and privacy.
• Making it harder for cyber criminals to scam computer users. Symantec educate on the threat of cyber crime, the risk it poses and how to safeguard against it through simple everyday steps;
• Norton Internet Safety Advocate. Via one Marian Merritt who is a nationally recognized representative for Symantec’s ongoing efforts surrounding Internet safety. She works alongside educators and public and private organizations to help families enjoy the Internet safely and securely.

So there you have it; viruses are now more popular than drugs.

Guest Article by Neil Camp

A new virus is in town and this time it’s got a specific target: online banking customers. Known as the Clampi virus, it represents a major threat to those that bank via the internet.

The Clampi virus is whats known as a Trojan, mainly because of its ability to secretly penetrate a computer, wait patiently until needed, then report bank to its creator, or indeed, take instructions from its creator.

And the cyber criminals behind the Clampi virus have on objective in mind: to steal personal details from a computer.

It is spreading rapidly through the US and UK, infecting computers and then waiting until the time is right to strike. When the user of the computer logs into their bank account for example, the Clampi virus makes a note of the username, password and other pertinent details, which are then sent back to the hackers.

These details are then used by the hackers to enter financial sites and either transfer money, change account details, or set-up frauds.

It is believed that people behind the Clampi virus monitor in the region of 5,000 financial websites and amongst these are most of the UK high street banks. But it’s not just banks; sites run by mortgage lenders, online casinos, shopping operations and email providers are also targeted.

In the US the Clampi virus has already been responsible for thefts of thousands of dollars and its been reported that many schools and businesses have been affected.

The Clampi virus is not new, having been around since 2005, but computer security experts think that this is a new, more virulent strain and poses a major threat to online banking. And they believe it attacks in waves, the UK banks being a major target.

They are unsure as to the true extent of the damage caused in the UK, especially given the covert nature of Clampi’s operation, but think that over 1,000 computers have already been affected. And those running Microsoft Windows operating systems seem to be more vulnerable than most.

And the computer security experts are warning again that people should remain vigilant at all times, reiterating the fact the such viruses are usually distributed embedded in emails, website downloads and instant messages, as attachments and links. They urge anyone not to open links, or attachments, from sources they cannot trust.

What’s more, they remind computer users that they should never send emails, or surf the web, without an up-to-date anti-virus software application on their machines.

Guest Article by Neil Camp

The cybersecurity giant McAfee has released details of its network security strategy to give enterprises a secure and cost effective security solution.

McAfee’s new network security strategy has been developed to address the needs and desires of business and enterprises. Many of these concerns are focused around the slowdown in today’s economy, which appears to be driving cybercriminals to be more and more of a threat to businesses’ cybersecurity.

In conjunction with Purdue University, McAfee has discovered that businesses worldwide are losing an estimated one trillion dollars a year through cybercrime. Malware is on the rise, with McAfee reporting that in the year 2008 they saw more new malware than in past years combined.

McAfee has therefore responded to the growing concerns and worries of its consumers, by ensuring that their security solutions are cost effective and come from a single vendor.

Dan Ryan, executive vice president of Network Security Business Unit at McAfee, said: “From conversations with our customers, it is clear that enterprises spend an enormous amount of time, money and administrative overhead managing multiple security products. McAfee’s comprehensive line of network security products eliminates the need for multi-vendor solutions and ensures the absolute lowest total cost of ownership available today.”

The McAfee strategy integrates all areas of McAfee’s portfolio of products, including: network firewalls, web and e-mail security, data loss prevention, and McAfee ePolicy Orchestrator provides a centralised security management console. The security is maintained by McAfee’s global threat intelligence, which is powered by McAfee Avert Labs.

Chris Christiansen, vice president, Security Practice, IDC: “Organizations must take a more unified approach to security. The days of managing network defence, Web and messaging security and data security as separate activities simply won’t succeed in today’s economic and threat environment. Effective Network Security must have global intelligence and must be integrated into the broader organizational security management infrastructure. Vendors that deliver these levels of integration in a complete suite will be successful as this will lower overall cost of ownership for organizations. For the next three to five years, reducing cost of ownership will drive security investments.”

McAfee is delivering their strategy within their Network Security Business Unit.

Guest Article by Neil Camp

The computer security giant McAfee has identified which Internet searches are most dangerous to computer safety and which are the safest.

McAfee’s report, entitled ‘The Web’s Most Dangerous Search Terms’ claimed that dangerous Internet searches include searching for things such as free music or screensavers. These search terms are used by cybercriminals to ensnare web users and lead them to their own websites.

Once a web surfer has visited this website, they are vulnerable to downloads that infect your computer, such as spyware which can help reveal private bank details to hackers and other cybercriminals.

McAfee’s report also identifies that these dangerous search terms are changing with regard to the new global economic environment. With higher numbers of people being made redundant due to the economic slump affecting so many, cybercriminals are now using search results to target people looking to save money or find a job working at home.

Jeff Green, senior vice president of McAfee Product Development & Avert Labs said: “Cybercriminals are smart. Like sharks smelling blood in the water, hackers will create related Web sites laden with adware and malware whenever a particular topic increases in popularity. Unsuspecting consumers are then tricked into downloading malicious software that leads them to blindly hand over their personal assets to cybercriminals.”

The riskiest set of search words, according to McAfee’s report, include keywords to the variation of ‘screensavers’. The research concluded that nearly six out of the top 10 search results for the keyword ‘screensavers’ contained some form of malware.

The riskiest search of the 2,600 most popular keywords that McAfee researched was ‘lyrics’, with the risk factor rising to one in two.

The research concluded, however, that the word Viagra was one of the least risky of keywords. The keywords with the safest risk profile included search words related to health and the current economic climate.

McAfee’s report also indicated global variations on these risks. Many of these countries had keyword categories that ended up exposing web surfers to the higher risk sites. 12 countries were exposed to an overall higher risk than McAfee’s average, including Mexico and India. McAfee’s report therefore pointed to cybercriminals targeting those outside of the U.S.

McAfee gave caution to home workers and to those looking to save money: if a result contains the word ‘free’ it has a 21.3% chance of infecting a computer with spyware, spam, adware and other malicious cyber threats. The search ‘work from home’ is four times riskier than the average risk given for all popular terms.

To protect against these vulnerabilities, McAfee SiteAdvisor Technology has been designed. This rates every trafficked site on the Internet to conduct automated tests. Web sites are ranked using coloured ratings, so that users are knowledgeable as to what they are clicking on. McAfee have also recently announced the Cybercrime Response Unit to help arm users against the threat.

Guest Article by Neil Camp