Friday 18th May 2012

Posts Tagged ‘hacker’

Top Malware and Spam Trends

Friday, May 28th, 2010

For anyone wanting to find out about the top malware and spam trends, the latest report from computer security giants McAfee, covering the first quarter of 2010, is a great place to start.

It discovered that top of the list for top malware and spam trends is a USB worm that has grabbed number one position for top malware worldwide. Furthermore, it concluded that spam trends differ considerably from country to country. What’s more, spam originating out of China and other Asian countries is on the increase. And, early 2010 has been marked by major events, such as earthquake news, which has led to many web searches being poisoned.

The top malware and spam trends report also concluded that most malicious URLs are hosted by US based servers.

High up in the top malware and spam trends report is the fact that the increasing use of removable devices, the majority being USB drives, is acting as a beacon for the most popular malware. Infections that are related to AutoRun held the top and third places. In fifth place are password stealing Trojans which include generic downloaders, gaming software and unwanted programmes, all designed to collect statistics anonymously.

Looking at spam, the report concluded that whilst rates are steady, the subjects differ from country to country. The report shows that the most significant amounts of diploma spam come out of China, South Korea and Vietnam. Diploma spam is all about buying bogus job qualifications in order to get jobs.

Countries such as Singapore, Hong Kong and Japan, says the report, are known for high rates of Delivery Status Notification spam.

Mike Gallagher, senior vice president and chief technology officer of Global Threat Intelligence for McAfee, said:
“Our latest threat report verifies that trends in malware and spam continue to grow at our predicted rates. Previously emerging trends, such as AutoRun malware, are now at the forefront. We were also surprised to find some geographic difference in spam-related topics, such as the volume of diploma spam coming out of China.”

The top malware and spam trends report also discovered that Brazil, China, Chile, Colombia, India, Indonesia, Philippines, Romania and Thailand, do have a higher proportion of malware infections and spam. McAfee says this may be down to the rapid increase in computer and internet use that these countries have experienced in the last few years, and that as a result, they lack a proper appreciation of security awareness.

The top malware and spam trends report also found that hackers continue to make use of bad news events, such as the earthquakes in Haiti and Chile, in order to bump their malicious sites up the search engine rankings.

As to where most of the new malicious URLs are hosted, the top malware and spam trends report concludes that 98% are hosted in the US, mainly because this is where most of the Web 2.0 services are provided.

So, when it comes to the top malware and spam trends report, use it to help keep yourself safe from the hackers out there.

Guest Article by Neil Camp


Top Tips for World Cup Computer Security

Friday, May 28th, 2010

One of the largest providers of Windows security software is warning companies to be on their guard during the 2010 football World Cup for attacks from the malware community. And to help, they have produced their top tips for world cup computer security.

The Sunbelt Software top tips for world cup computer security are aimed at UK bosses who fear that their employees will take every opportunity, whether with permission, or not, to watch matches – many of which are taking place during office hours – and follow not only England, but various other teams.

But, warn Sunbelt Software, the tournament and the interest it will generate, not only amongst supporters but in the wider community, mean that hackers are on the prowl, hence the need for the top tips for world cup computer security.

Malware writers will see employees trying to get their football fix, no matter how, as a great opportunity to launch attacks. And one of the biggest risks, say Sunbelt Software – the authors behind the top tips for world cup computer security – is fans desperately searching for footage on any site to see how their team is progressing. Many of the sites offering such footage will, say Sunbelt Software, be hotbeds of potential computer attacks, containing viruses, platforms for phishing attacks, banner advertising and fake video streaming codec downloads.

So, when it comes to safe 2010 football world cup enjoyment, what should bosses and employees be on their guard against? What are the top tips for world cup computer security?

Top of the pile of the top tips for world cup computer security are infected files, many offered as email attachments or downloads, that promise such things as special World Cup pictures, news, results, free tickets, or match lists. It is best to avoid these.

Second up in the pile of top tips for world cup computer security is search engine optimization poisoning, which sees the hackers endeavouring to get their malicious sites to the first pages of the listings. This is why it’s essential that new URLs are carefully studied before using them and that only sites that a user trusts are used for such things as news updates and football features.

And such things as fake antispyware programmes will be out in force, tempting users to sign-up to bogus claims that a computer is infected and that a sum of around £50 will put things back to rights again.

Next up in the top tips for world cup computer security is a warning against social networking scams. Sunbelt Software say that they expect malicious links on Twitter, fake applications on Facebook and other tricks on some of the popular 2.0 websites.

Another of the top tips for world cup computer security is the area of website defacements. This concerns websites that are popular at the time of a certain event, or tournament, and are targeted by the hackers. Sometimes it might just involve the simple defacement of a website, but it could involve a totally compromised website which is turned into a delivery mechanism for illegal content.

David Parkin, Sales Director EMEA, Sunbelt Software, said:
“All it takes is one employee to disregard this advice and the entire organisation could be put at risk. It is our hope that business leaders will distribute these tips throughout their organisation and print out further copies and post them in communal areas. By following this simple four-point checklist we can all enjoy this year’s World Cup safely via the Internet.”

Guest Article by Neil Camp


Bot Herders Apply for Panda Labs Job

Tuesday, May 25th, 2010

Two bot herders who were part of the team behind the Mariposa botnet thought that their CVs would stand them in good shape when they applied for jobs at Panda Labs.

Bot herders are hackers who establish what’s known in the industry as botnets; computers that have been taken over by the hackers – without the knowledge of their owners – and networked to combine powerful tools for nefarious activities, such as spam mailing.

It’s long been a tactic of hackers, such as bot herders, to commit an attack on a company’s software, or network, and then use that as a kind of ‘real-life’ CV to get a job. But in an industry which is becoming far more professional every day, it’s unlikely that this type of job canvassing is going to win many friends in the future.

So when the two herders who helped run the Mariposa botnet turned up at Panda’s offices, there was some amusement and not a little incredulity.

The two bot herders in question were both Spanish and hid behind their online nicknames of ‘Ostiator’ and ‘Netkaira’ when running the Mariposa botnet. But according to Panda, the job hunt was not down to any feelings of remorse, or repentance, but to the fact that the Mariposa botnet had been closed down and the two bot herders had literally run out of money. They hoped that they could come to an ‘understanding’ with Panda, who they believed would welcome their knowledge.

According to Panda, the fact that the two bot herders had been so closely involved in Mariposa meant that they could not be employed, and the company went on to say that their somewhat dubious technical skills meant they were unsuitable anyway.

Undeterred, the two bot herders tried again to secure jobs at Panda some months later, but were again turned down.

Panda pointed out that the openness of the two bot herders’ approach might be explained by the fact that in Spain, running a botnet is not illegal, although the company went on to say that the Spanish national police force, the Guardia Civil, were looking at ways in which the two bot herders could be prosecuted for stealing identities through the Mariposa botnet.

Guest Article by Neil Camp


Gmail and Hotmail Targeted in Phishing Scheme

Monday, October 19th, 2009

Reports from the BBC suggest that Google’s Gmail and Microsoft’s Hotmail have been under siege from phishing attacks which have targeted thousands of service users in an industry-wide scheme.

Both Google and Microsoft have moved to stem any damage. Users of Yahoo and AOL email services were also hit.

The BBC stated that they were shown two lists which contained the names and passwords of 30,000 people who use Gmail, Hotmail, Yahoo and AOL email services. The lists were said to have been posted on the web for anyone to access.

Google told the BBC that only 500 of its customers had been named, although it said a third list was in existence, but declined to give numbers.

A Google spokesperson said:
“We recently became aware of an industry-wide phishing scheme through which hackers gained user credentials for web-based mail accounts including Gmail accounts.

“As soon as we learned of the attack, we forced password resets on the affected accounts. We will continue to force password resets on additional accounts when we become aware of them.”

Google appeared keen to highlight that the scheme did not actually breach Gmail security, but involved a none too uncommon scam which persuaded people to give away their personal information to cyber criminals.

A phishing scheme is one which usually involves bogus emails, purporting to be from a bona fide organisation, which invite recipients to send back their personal details, log-in usernames and secure passwords. Despite frequent warnings from the organisations themselves and from computer security experts not to give away personal details to anyone, phishing attacks remain very successful in their simplicity and ruthlessness. Most are based on a good copy of a bona fide email and most introduce an element of bullying into their message: act now, or your account will be closed down.

This particular scheme started when 10,000 Hotmail addresses were posted online at Pastebin, a website mostly used by developers to share code. But that was just the start, with a further 20,000 names being uploaded which contained e-mail addresses and passwords from Hotmail, Yahoo, AOL, Gmail and other service providers.

Although some of the details were old, or indeed fake, many were genuine.

A Microsoft spokesperson said:
“Our guidance to customers is to exercise extreme caution when opening unsolicited attachments and links from both known and unknown sources, and that they install and regularly update their anti-virus software.”

A person from Yahoo reiterated the rest, urging its customers to “…take measures to secure their accounts whenever possible, including changing their passwords…”

Computer security industry experts called for the providers to do more to educate their customers as regards the dangers of such phishing attacks.

Guest Article by Neil Camp


McAfee Identifies Most Dangerous and Safest Web searches

Monday, August 17th, 2009

The computer security giant McAfee has identified which Internet searches are most dangerous to computer safety and which are the safest.

McAfee’s report, entitled ‘The Web’s Most Dangerous Search Terms’ claimed that dangerous Internet searches include searching for things such as free music or screensavers. These search terms are used by cybercriminals to ensnare web users and lead them to their own websites.

Once a web surfer has visited such a website, they are vulnerable to downloads that infect their computer, such as spyware which can help reveal private bank details to hackers and other cybercriminals.

McAfee’s report also identifies that these dangerous search terms are changing with regard to the new global economic environment. With higher numbers of people being made redundant due to the economic slump affecting so many, cybercriminals are now using search results to target people looking to save money or find a job working at home.

Jeff Green, senior vice president of McAfee Product Development & Avert Labs said: “Cybercriminals are smart. Like sharks smelling blood in the water, hackers will create related Web sites laden with adware and malware whenever a particular topic increases in popularity. Unsuspecting consumers are then tricked into downloading malicious software that leads them to blindly hand over their personal assets to cybercriminals.”

The riskiest set of search words, according to McAfee’s report, includes variations on the keyword ‘screensavers’. The research concluded that nearly six out of the top 10 search results for the keyword ‘screensavers’ contained some form of malware.

The riskiest search of the 2,600 most popular keywords that McAfee researched was ‘lyrics’, with the risk factor rising to one in two.

The research concluded, however, that the word Viagra was one of the least risky of keywords. The keywords with the safest risk profile included search words related to health and the current economic climate.

McAfee’s report also indicated global variations on these risks. Many of these countries had keyword categories that ended up exposing web surfers to the higher risk sites. 12 countries were exposed to an overall higher risk than McAfee’s average, including Mexico and India. McAfee’s report therefore pointed to cybercriminals targeting those outside of the U.S.

McAfee cautioned home workers and those looking to save money: if a result contains the word ‘free’ it has a 21.3% chance of infecting a computer with spyware, spam, adware and other malicious cyber threats. The search ‘work from home’ is four times riskier than the average risk given for all popular terms.

McAfee SiteAdvisor technology has been designed to protect against these threats. It rates every trafficked site on the Internet by conducting automated tests. Web sites are ranked using coloured ratings, so that users know what they are clicking on. McAfee have also recently announced the Cybercrime Response Unit to help arm users against the threat.

Guest Article by Neil Camp


The Editor

My name is Alan Potts and I'm the Editor of the Antivirus-BUYability web site and Managing Director of BUYability Limited.