Friday 3rd September 2010

Posts Tagged ‘hacker’

Internet Security Industry Celebrates Botnet Catch

Friday, July 30th, 2010

The internet security industry applauded the recent capture of a Botnet hacker in Slovenia.

Known as Iserdo, he is believed to have written the programme on which the Mariposa virus is based. Such was the importance of his arrest that the FBI described it as a major breakthrough.

The Mariposa virus created one of the globe’s most virulent botnets, which eventually infected over 12 million computers.

Also known as Butterfly, the Mariposa virus was created as a tool to steal personal financial details from bank customers. Many of the infected computers were owned by banks, financial institutions and major companies.

The 23-year-old Iserdo was one of the internet security industry’s most wanted men, and he and the team of three which ran the botnet have been hunted by officials from around the world. Last December the team of three were arrested in Spain, which led to the closure of the infamous botnet.

The FBI was delighted with the arrests and the botnet’s demise, with the deputy assistant director of the unit’s cyber division telling Associated Press:
“To use an analogy here, as opposed to arresting the guy who broke into your home, we’ve arrested the guy that gave him the crowbar, the map and the best houses in the neighbourhood.”

A botnet is a network of compromised computers which are controlled by malicious programmes without the owners of the computers realising their machines are infected. The programmes are designed to sit on the compromised computer and send back key information from the hard drive, such as personal information, including usernames and passwords.

Commenting on developments, Rik Ferguson, an expert in internet security at Trend Micro, told the BBC:
“The guys behind it said it was more successful than they had intended to be. As is the case with most botnets, the more widespread they are the more likely they are to be discovered. They were a victim of their own success.

“The thing with the underground economy is that it’s full of niche vendors and players, it mirrors legitimate business. There’s a lot of competition – it’s not unusual to see malware designed to remove other malware, just so that it can take over.”

Guest Article by Neil Camp


Political Hacktivists Threat To Facebook

Monday, June 21st, 2010

Major computer security company AVG has identified new social network application threats from what’s become known as Political Hacktivists.

And these Political Hacktivists are becoming a major threat to social networking websites like Facebook.

For those unsure of the term, Political Hacktivists are those who make non-violent use of legal, or indeed illegal, digital tools to make a political statement. For example, the research team at AVG spotted that a number of Facebook accounts have apparently been targeted by Turkish hackers. Their actions appeared to be in revenge for the recent ship seizure, in which people tried to break the Gaza blockade but were stopped by the Israeli military.

The Political Hacktivists use a number of techniques and tactics to make their point. These include virtual sabotage, website defacements, re-directs, information theft, virtual sit-ins, website parodies and denial-of-service attacks.

Roger Thompson, AVG Chief Research Officer, said:
“The number of hacked accounts is fairly small, so far less than fifty, which would indicate that it is not an automated attack, but the number is still increasing, albeit slowly. This is the first time, as far as I am aware, that Facebook has been a victim of political hacktivism.

“Given that the attack seems to be being run by Turkish hackers, and that Turkish hackers had once claimed a world record for defacing 37k pages in a single day, we should not discount the thought that they might find an automated way to move, and we should be extra vigilant with what we click. Think before you link.”

AVG states that Facebook has had a number of such attacks from Political Hacktivists and warns people to take care when accessing social networking websites.

AVG recommends that, to avoid such Political Hacktivist attacks, computer users should always practise safe surfing, which includes using a link scanner which helps identify, in real time, rogue links and other web-based threats.

And as always, users should ensure that their anti-virus software application is fully up-to-date.

Guest Article by Neil Camp


Computer Virus Protection

Thursday, June 17th, 2010

If you use the internet you need to consider computer virus protection. One way to protect your computer is to use antivirus PC software. The anti virus software is designed to protect your PC from viruses that can be found when you surf the web. 

Computer viruses can be contracted in a variety of ways. Sometimes you will visit a website which has malicious code on it which will then install itself on your computer. The virus code can attach itself to a program on your computer. Some computer viruses can be very dangerous as they can reproduce themselves and infect other computers on your network or even PCs you communicate with through email and instant messenger. 

How do I protect my computer against viruses? 

There are new computer viruses being created all the time which is why it is important to make sure you have the best virus protection. There are many different kinds of PC protection software so you will need to do some research to find out which software is the most appropriate for your computer usage. 

Antivirus reviews are a great way to find out which antivirus software is the best and how they work. Good anti virus review sites will have antivirus software reviews and will also provide information about the latest computer security issues. At Antivirus-BUYability we bring you the latest virus news so you can be aware of all the latest computer vulnerabilities and how to stay safe online. 

Computer Viruses 

Hackers and cyber criminals will often exploit the latest fads and technology in order to spread computer viruses very quickly. For this reason social sites like Facebook and Twitter can be a risk to your computer because they are often a target for people who wish to spread computer viruses. By using computer virus protection you can use these sites with no worries of security issues. 

Another popular way in which computer viruses spread is through email. Because email viruses can spread so quickly, it is important that, when you are reading antivirus reviews, you ensure the antivirus software you buy gives you adequate email protection. Email viruses can infect your computer even without you opening the infected attachment; simply viewing the email in your preview pane can cause infection.

Computer virus protection is a must in a world that is increasingly digital. Be vigilant when opening and downloading files. If you are unsure of the source of a file then delete it from your PC. If you keep up to date with potential computer viruses by reading antivirus review sites and buy antivirus software, you will have done your best to protect your computer against viruses.

Guest Article by Louise Goldstein

 


iPad Hacked

Friday, June 11th, 2010

News agency Reuters is reporting that the FBI has started an investigation into the recent security breach of the iPad which resulted in the leak of personal information about AT&T customers.

And the names leaked included a number of senior US Government officials, celebrities and businessmen.

The attack on the iPad was first announced by the website Gawker. It reported that a group going by the name of Goatse Security had succeeded in hacking into AT&T’s subscriber data, obtaining the sensitive details from about 100,000 email addresses.

AT&T admitted the attack and said that the flaw had been corrected and, what’s more, that only those email addresses which had a security weakness had been exposed by the hackers. AT&T didn’t comment on the role of the FBI.

A less shy FBI spokesman said: “The FBI is aware of these possible computer intrusions and has opened an investigation to address the potential cyber threat.”

Observers see this as a passing embarrassment for AT&T and by no means a crippling blow. The general feeling amongst security professionals was that the breach was not catastrophic and that it had little to do with the iPad’s basic set-up. Furthermore, others pointed out that whenever Government and VIP addresses get hacked, the Feds usually get a call and have to be seen to be pro-active.

AT&T has the exclusive US rights to carry the iPad and the iPhone. This exclusivity hasn’t won it many friends in certain quarters of a jealous industry. There are also subscribers who complain about the quality of the AT&T network.

This won’t dent the incredible success already experienced by the iPad, which has sold over two million units worldwide since its launch in April. And the iPad is being seen as Apple’s major battering ram to enforce its international growth strategy. Last month Apple overtook its rival Microsoft to become the world’s most valuable technology stock.

Rival models to the iPad are expected soon from Dell and Hewlett Packard, although experts see them playing a game of catch-up.

 

Guest Article by Neil Camp


Rogue Facebook Applications

Thursday, June 10th, 2010

Top computer security company AVG Technologies is warning people about rogue Facebook applications which are doing the rounds at the moment.

The rogue applications were said to be part of an aggressive and co-ordinated attack by hackers during the weekend of 15/16 May 2010.

In one period alone – from midnight to 9am on Saturday 15 May – AVG spotted and dealt with 300,000.

Talking about the rogue Facebook applications Roger Thompson, AVG’s Chief Research Officer, said:
“This latest issue really underscores how powerful, while at the same time vulnerable, social networking applications are. This attack was actually stunning in terms of scale.

“Facebook is very responsive to threats when we identify them, and removing these applications as soon as they find them, but they’re still able to generate huge traffic, just because of the viral nature of social networks. It is staggering how many threats were propagated before they were stopped.”

The rogue Facebook applications attack comes wrapped in a time-honoured trap: a picture of a girl in a bikini which encourages the victim to innocently install an adware-supported viewer. The viewer is not viral in nature, says AVG, and it has been seen in various forms.

The rogue Facebook applications are coming in waves, with AVG saying that the peak before the weekend in question was about 80,000 and that detections had then died down to around a few hundred by Friday 14 May. However, that quickly climbed to 200,000 as the weekend started and the attack mounted in ferocity.

To put the rogue Facebook applications attack in context, the second largest attack registered at the same time, some anti-spy software, lodged 24,000 detections.

As Mr Thompson from AVG added about the rogue Facebook applications:
“Interestingly, they launched it on a Saturday. I guess they figure we don’t watch on the weekend, but malcode researchers are all cut from the same cloth as Inspector Gadget… we’re always on duty.”

When it comes to such rogue Facebook applications, AVG warned that people should employ a link scanner which alerts you if a page, or link, is bad. Furthermore, if you have to install a viewer to watch, then walk away. This is a sign that things might not be as they seem. Never download viewers via a link.

Guest Article by Neil Camp


Top Malware and Spam Trends

Friday, May 28th, 2010

When it comes to finding out about the top malware and spam trends, then the latest report from computer security giants McAfee, covering the first quarter of 2010, is a great place to start.

It discovered that top of the list for top malware and spam trends is a USB worm that has grabbed number one position for top malware worldwide. Furthermore, it concluded that spam trends differ considerably from country to country. What’s more, spam originating out of China and other Asian countries is on the increase. And, early 2010 has been marked by major events, such as earthquake news, which has led to many web searches being poisoned.

The top malware and spam trends report also concluded that most malicious URLs are hosted by US based servers.

High up in the top malware and spam trends report is the fact that the increasing use of removable devices, the majority being USB drives, is acting as a beacon for the most popular malware. Infections that are related to AutoRun held the top and third places. In fifth place are password stealing Trojans which include generic downloaders, gaming software and unwanted programmes, all designed to collect statistics anonymously.

Looking at spam, the report concluded that whilst rates are steady, the subjects differ from country to country. The report shows that the most significant amounts of diploma spam come out of China, South Korea and Vietnam. Diploma spam is all about buying bogus job qualifications in order to get jobs.

Whereas countries such as Singapore, Hong Kong and Japan – says the report – are known for high rates of Delivery Status Notification spam.

Mike Gallagher, senior vice president and chief technology officer of Global Threat Intelligence for McAfee, said:
“Our latest threat report verifies that trends in malware and spam continue to grow at our predicted rates. Previously emerging trends, such as AutoRun malware, are now at the forefront. We were also surprised to find some of geographic difference in spam related topics, such as the volume of diploma spam coming out of China.”

The top malware and spam trends report also discovered that Brazil, China, Chile, Colombia, India, Indonesia, Philippines, Romania and Thailand, do have a higher proportion of malware infections and spam. McAfee says this may be down to the rapid increase in computer and internet use that these countries have experienced in the last few years, and that as a result, they lack a proper appreciation of security awareness.

The top malware and spam trends report states that hackers continue to make use of bad news events, such as the earthquakes in Haiti and Chile, in order to bump their malicious sites up the search engine rankings.

As to where most of the new malicious URLs are hosted, the top malware and spam trends report concludes that 98% are hosted in the US, mainly because this is where most of the Web 2.0 services are provided.

So, when it comes to the top malware and spam trends report, use it to help keep yourself safe from the hackers out there.

Guest Article by Neil Camp


Top Tips for World Cup Computer Security

Friday, May 28th, 2010

One of the largest providers of Windows security software is warning companies to be on their guard during the 2010 football World Cup for attacks from the malware community. And to help, they have produced their top tips for world cup computer security.

The Sunbelt Software top tips for world cup computer security are aimed at UK bosses who fear that their employees will take every opportunity, whether with permission, or not, to watch matches – many of which are taking place during office hours – and follow not only England, but various other teams.

But, warn Sunbelt Software, the tournament, and the interest it will generate not only amongst supporters but also in the wider community, means that hackers are on the prowl, hence the need for the top tips for world cup computer security.

Malware writers will see employees trying to get their football fix, no matter how, as a great opportunity to launch attacks. And one of the biggest risks, say Sunbelt Software – the authors behind the top tips for world cup computer security – is fans desperately searching for footage on any site to see how their team is progressing. Many of the sites offering such footage will, say Sunbelt Software, be hotbeds of potential computer attacks, containing viruses, platforms for phishing attacks, banner advertising and fake video streaming codec downloads.

So, when it comes to safe 2010 football world cup enjoyment, what should bosses and employees be on their guard against? What are the top tips for world cup computer security?

Top of the pile of the top tips for world cup computer security are infected files, many offered as email attachments or downloads, that promise such things as special World Cup pictures, news, results, free tickets, or match lists. It is best to avoid these.

Second up in the pile of top tips for world cup computer security is search engine optimization poisoning, which sees the hackers endeavouring to get their malicious sites onto the first pages of the listings. This is why it’s essential that new URLs are carefully studied before using them and that only sites that a user trusts are used for such things as news updates and football features.

And such things as fake antispyware programmes will be out in force, tempting users to sign-up to bogus claims that a computer is infected and that a sum of around £50 will put things back to rights again.

Next up in the top tips for world cup computer security is a warning against social networking scams. Sunbelt Software say that they expect malicious links on Twitter, fake applications on Facebook and other tricks on some of the popular 2.0 websites.

Another of the top tips for world cup computer security is the area of website defacements. This concerns websites that are popular at the time of a certain event, or tournament, and are targeted by the hackers. Sometimes it might just involve the simple defacement of a website, but it could involve a totally compromised website which is turned into a delivery mechanism for illegal content.

David Parkin, Sales Director EMEA, Sunbelt Software, said:
“All it takes is one employee to disregard this advice and the entire organisation could be put at risk. It is our hope that business leaders will distribute these tips throughout their organisation and print out further copies and post them in communal areas. By following this simple four-point checklist we can all enjoy this year’s World Cup safely via the Internet.”

Guest Article by Neil Camp


Bot Herders Apply for Panda Labs Job

Tuesday, May 25th, 2010

Two bot herders who were part of the team behind the Mariposa botnet thought that their CVs would stand them in good shape when they applied for jobs at Panda Labs.

Bot herders are hackers who establish what’s known in the industry as botnets; computers that have been taken over by the hackers – without the knowledge of their owners – and networked to combine powerful tools for nefarious activities, such as spam mailing.

It’s long been a tactic of hackers, such as bot herders, to commit an attack on a company’s software, or network, and then use that as a kind of ‘real-life’ CV to get a job. But in an industry which is becoming far more professional every day, it’s unlikely that this type of job canvassing is going to win many friends in the future.

So when the two herders who helped run the Mariposa botnet turned up at Panda’s offices, there was some amusement and not a little incredulity.

The two bot herders in question were both Spanish and hid behind their online nicknames of ‘Ostiator’ and ‘Netkaira’ when running the Mariposa botnet. But according to Panda, the job hunt was not down to any feelings of remorse, or repentance, but to the fact that the Mariposa botnet had been closed down and the two bot herders had literally run out of money. They hoped that they could come to an ‘understanding’ with Panda, who they believed would welcome their knowledge.

According to Panda, the fact that the two bot herders had been so closely involved in Mariposa meant that they could not be employed, and the company went on to say that their somewhat dubious technical skills meant they were unsuitable anyway.

Undeterred, the two bot herders tried again to secure jobs at Panda some months later, but were again turned down.

Panda pointed out that the openness of the two bot herders’ approach might be explained by the fact that in Spain, running a botnet is not illegal. However, the company went on to say that the Spanish national police force, the Guardia Civil, were looking at ways in which the two bot herders could be prosecuted for stealing identities through the Mariposa botnet.

Guest Article by Neil Camp


Gmail and Hotmail Targeted in Phishing Scheme

Monday, October 19th, 2009

Reports from the BBC suggest that Google’s Gmail and Microsoft’s Hotmail have been under siege from phishing attacks which have targeted thousands of service users in an industry-wide scheme.

Both Google and Microsoft have moved to stem any damage. Users of Yahoo and AOL email services were also hit.

The BBC stated that they were shown two lists which contained the name and passwords of 30,000 people who use Gmail, Hotmail, Yahoo and AOL email services. And the lists were said to have been posted on the web for anyone to access.

Google told the BBC that only 500 of its customers had been named, although it said a third list was in existence, but declined to give numbers.

A Google spokesperson said:
“We recently became aware of an industry-wide phishing scheme through which hackers gained user credentials for web-based mail accounts including Gmail accounts.

“As soon as we learned of the attack, we forced password resets on the affected accounts. We will continue to force password resets on additional accounts when we become aware of them.”

Google appeared keen to highlight that the scheme did not actually breach Gmail security, but involved a none too uncommon scam which persuaded people to give away their personal information to cyber criminals.

A phishing scheme is one which usually involves bogus emails purporting to be from a bona fide organisation which invite recipients to send back their personal details, log-in usernames and secure passwords. And despite frequent warnings from the organisations themselves and computer security experts not to give away personal details to anyone, phishing attacks remain very successful in their simplicity and ruthlessness. Most are based on a good copy of a bona fide email and most introduce an element of bullying into their message: act now, or the account will be closed down.

This particular scheme started when 10,000 Hotmail addresses were posted online at Pastebin, a website mostly used by developers to share code. But that was just the start, with a further 20,000 names being uploaded which contained e-mail addresses and passwords from Hotmail, Yahoo, AOL, Gmail and other service providers.

Although some of the details were old, or indeed fake, many were genuine.

A Microsoft spokesperson said:
“Our guidance to customers is to exercise extreme caution when opening unsolicited attachments and links from both known and unknown sources, and that they install and regularly update their anti-virus software.”

A person from Yahoo reiterated the rest, urging its customers to “… take measures to secure their accounts whenever possible, including changing their passwords…”

Computer security industry experts called for the providers to do more to educate their customers as regards the dangers of such phishing attacks.

Guest Article by Neil Camp


McAfee Identifies Most Dangerous and Safest Web searches

Monday, August 17th, 2009

The computer security giant McAfee has identified which Internet searches are most dangerous to computer safety and which are the safest.

McAfee’s report, entitled ‘The Web’s Most Dangerous Search Terms’ claimed that dangerous Internet searches include searching for things such as free music or screensavers. These search terms are used by cybercriminals to ensnare web users and lead them to their own websites.

Once a web surfer has visited one of these websites, they are vulnerable to downloads that infect their computer, such as spyware which can help reveal private bank details to hackers and other cybercriminals.

McAfee’s report also identifies that these dangerous search terms are changing with regard to the new global economic environment. With higher numbers of people being made redundant due to the economic slump affecting so many, cybercriminals are now using search results to target people looking to save money or find a job working at home.

Jeff Green, senior vice president of McAfee Product Development & Avert Labs said: “Cybercriminals are smart. Like sharks smelling blood in the water, hackers will create related Web sites laden with adware and malware whenever a particular topic increases in popularity. Unsuspecting consumers are then tricked into downloading malicious software that leads them to blindly hand over their personal assets to cybercriminals.”

The riskiest set of search words, according to McAfee’s report, includes variations of the keyword ‘screensavers’. The research concluded that nearly six out of the top 10 search results for the keyword ‘screensavers’ contained some form of malware.

The riskiest search of the 2,600 most popular keywords that McAfee researched was ‘lyrics’, with the risk factor rising to one in two.

The research concluded, however, that the word Viagra was one of the least risky of keywords. The keywords with the safest risk profile included search words related to health and the current economic climate.

McAfee’s report also indicated global variations on these risks. Many of these countries had keyword categories that ended up exposing web surfers to the higher risk sites. 12 countries were exposed to an overall higher risk than McAfee’s average, including Mexico and India. McAfee’s report therefore pointed to cybercriminals targeting those outside of the U.S.

McAfee gave caution to home workers and to those looking to save money: if a result contains the word ‘free’ it has a 21.3% chance of infecting a computer with spyware, spam, adware and other malicious cyber threats. The search ‘work from home’ is four times riskier than the average risk given for all popular terms.

To protect against these vulnerabilities, McAfee SiteAdvisor technology has been designed. It uses automated tests to rate every trafficked site on the Internet. Web sites are ranked using coloured ratings, so that users know what they are clicking on. McAfee has also recently announced the Cybercrime Response Unit to help arm users against the threat.

Guest Article by Neil Camp


The Editor

My name is Alan Potts and I'm the Editor of the Antivirus-BUYability web site and Managing Director of BUYability Limited. You can connect with me or keep up to date with new posts on this blog via the following social media sites:

Facebook LinkedIn Plaxo Twitter StumbleUpon Plurk FriendFeed Digg Technorati Delicious


© BUYability