Friday 18th May 2012

Posts Tagged ‘spam’

Microsoft Accused of Stealth Download

Tuesday, June 22nd, 2010

Software giant Microsoft has been accused of making a stealth download via one of its recent security patches.

Stealth downloads involve an unwitting computer user downloading code onto their machine without knowing of its transmission. It is a sensitive subject in the computer security industry, as this is one of the main ways that malware is delivered onto people’s computers. The practice is abhorred in the industry, so for a leading company like Microsoft to be accused of such actions has caused some embarrassment.

Allegedly, along with its regular Patch Tuesday security update, Microsoft bundled a Bing toolbar add-on. The stealth download adds the Bing toolbar to both the Mozilla Firefox and Internet Explorer browsers, and it does so without the user’s permission.

News of the stealth download was reported by technology blog Ars Technica. It stated that the Search Enhancement Pack update actually loaded the Bing toolbar onto those users who had installed the Windows Live Toolbar, or MSN bar, onto their Firefox and Internet Explorer browsers.

An apparently unabashed Microsoft told another tech news site, The Register, when questioned about the stealth download, that the problem arose because of a bug in the update file. It has, said Microsoft, now been fixed. They went on to explain the update, via the Search Enhancement Pack, was only supposed to work on those users with a Windows Live toolbar, MSN toolbar and a Bing Bar.

A spokesman said:
“We fixed the update so that going forward folks who still have only the older Windows Live Toolbar or MSN Toolbar will not see this behaviour anymore.”

So that’s alright then! Industry experts are a little less understanding and some have questioned Microsoft’s real intentions behind their stealth download tactics.

Microsoft was also in the news for suing an alleged spammer. The target of the lawsuit is Connecticut spammer Boris Mizhen. He is alleged to have sent unwanted emails to Microsoft customers and to have gamed Hotmail’s spam filter. Mizhen is named in the legal action, as are several of his companies.

This is not the first time that Mizhen and Microsoft have locked horns. He was sued by the Seattle software giant in 2003 for sending spam to the web-based Hotmail service. The case then ended in a settlement with Mizhen paying out a reported $2 million and an agreement not to send any more spam to Hotmail customers.

As regards the new, alleged campaign, Mizhen’s associates are keen to point out that these new messages were not spam and that many Hotmail users had moved them from their junk folders to their inboxes. Fair enough, although it’s thought by some that Mizhen and his companies allegedly created the accounts which did this.

This has opened up the whole debate as to how successful spam filters are, especially those that rely on user feedback to judge the criteria of spam. Such techniques as whitelisting, blacklisting and Bayesian filtering are some of the ones used to recognize and filter out spam. Because these techniques are well known, they can be abused by spammers intent on ‘fixing’ the system and allowing their spam to get through.
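One way a feedback-driven filter can resist the kind of vote rigging described above is to weight each "not junk" action by how independent and established the voting mailbox is. The sketch below is an added example, not Hotmail's or any vendor's method; the `Vote` fields, the 30-day trust ramp and the per-network vote sharing are assumptions, and the sample votes are constructed.

```python
from collections import Counter
from dataclasses import dataclass

@dataclass(frozen=True)
class Vote:
    account: str
    age_days: int      # age of the voting mailbox (assumed to be known)
    signup_net: str    # network the mailbox was registered from (assumed)
    not_junk: bool     # True: moved junk -> inbox; False: reported as junk

def weight(v, per_net, full_trust_days=30):
    # New mailboxes count for less, and mailboxes registered in bulk from
    # one network share a single vote between them.
    return min(1.0, v.age_days / full_trust_days) / per_net[v.signup_net]

def rescue_share(votes):
    """Return (raw, weighted) share of 'not junk' votes for one sender."""
    if not votes:
        return 0.0, 0.0
    per_net = Counter(v.signup_net for v in votes)
    raw = sum(v.not_junk for v in votes) / len(votes)
    total = sum(weight(v, per_net) for v in votes)
    rescued = sum(weight(v, per_net) for v in votes if v.not_junk)
    return raw, (rescued / total if total else 0.0)

def accept_as_training(votes, threshold=0.5):
    """Feed 'not junk' feedback to the filter only if the weighted share agrees."""
    return rescue_share(votes)[1] >= threshold

# Constructed sample: eight 3-day-old mailboxes from one network rescue the
# sender's mail; four long-standing mailboxes on separate networks report it.
SAMPLE_VOTES = (
    [Vote(f"new{i}", 3, "198.51.100.0/24", True) for i in range(8)]
    + [Vote(f"old{i}", 400 + i, f"203.0.113.{i}/32", False) for i in range(4)]
)

if __name__ == "__main__":
    raw, weighted = rescue_share(SAMPLE_VOTES)
    print(f"raw={raw:.2f} weighted={weighted:.3f} "
          f"accept={accept_as_training(SAMPLE_VOTES)}")
```

On the constructed sample the raw vote count says two thirds of users rescued the mail, while the weighted share stays under 3%, so the feedback is not used for training.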

Guest Article by Neil Camp


Top Malware and Spam Trends

Friday, May 28th, 2010

When it comes to finding out about the top malware and spam trends, then the latest report from computer security giants McAfee, covering the first quarter of 2010, is a great place to start.

It discovered that top of the list for top malware and spam trends is a USB worm that has grabbed number one position for top malware worldwide. Furthermore, it concluded that spam trends differ considerably from country to country. What’s more, spam originating out of China and other Asian countries is on the increase. And, early 2010 has been marked by major events, such as earthquake news, which has led to many web searches being poisoned.

The top malware and spam trends report also concluded that most malicious URLs are hosted by US based servers.

High up in the top malware and spam trends report is the fact that the increasing use of removable devices, the majority being USB drives, is acting as a beacon for the most popular malware. Infections that are related to AutoRun held the top and third places. In fifth place are password stealing Trojans which include generic downloaders, gaming software and unwanted programmes, all designed to collect statistics anonymously.

Looking at spam, the report concluded that whilst rates are steady, the subjects differ from country to country. The report shows that the most significant amounts of diploma spam come out of China, South Korea and Vietnam. Diploma spam is all about buying bogus job qualifications in order to get jobs.

Whereas countries such as Singapore, Hong Kong and Japan – says the report – are known for high rates of Delivery Status Notification spam.

Mike Gallagher, senior vice president and chief technology officer of Global Threat Intelligence for McAfee, said:
“Our latest threat report verifies that trends in malware and spam continue to grow at our predicted rates. Previously emerging trends, such as AutoRun malware, are now at the forefront. We were also surprised to find some of geographic difference in spam related topics, such as the volume of diploma spam coming out of China.”

The top malware and spam trends report also discovered that Brazil, China, Chile, Colombia, India, Indonesia, Philippines, Romania and Thailand, do have a higher proportion of malware infections and spam. McAfee says this may be down to the rapid increase in computer and internet use that these countries have experienced in the last few years, and that as a result, they lack a proper appreciation of security awareness.

The top malware and spam trends report also states that hackers continue to make use of bad news events, such as the earthquakes in Haiti and Chile, in order to bump their malicious sites up the search engine rankings.

As to where most of the new malicious URLs are hosted, the top malware and spam trends report concludes that 98% are hosted in the US, mainly because this is where most of the Web 2.0 services are provided.

So, when it comes to the top malware and spam trends report, use it to help keep yourself safe from the hackers out there.

Guest Article by Neil Camp


Bot Herders Apply for Panda Labs Job

Tuesday, May 25th, 2010

Two bot herders who were part of the team behind the Mariposa botnet thought that their CVs would stand them in good shape when they applied for jobs at Panda Labs.

Bot herders are hackers who establish what’s known in the industry as botnets; computers that have been taken over by the hackers – without the knowledge of their owners – and networked to combine powerful tools for nefarious activities, such as spam mailing.

It’s long been a tactic of hackers, such as bot herders, to commit an attack on a company’s software, or network, and then use that as a kind of ‘real-life’ CV to get a job. But in an industry which is becoming far more professional every day, it’s unlikely that this type of job canvassing is going to win many friends in the future.

So when the two herders who helped run the Mariposa botnet turned up at Panda’s offices, there was some amusement and not a little incredulity.

The two bot herders in question were both Spanish and hid behind their online nicknames of ‘Ostiator’ and ‘Netkaira’ when running the Mariposa botnet. But according to Panda, the job hunt was not down to any feelings of remorse, or repentance, but to the fact that the Mariposa botnet had been closed down and the two bot herders had literally run out of money. They hoped that they could come to an ‘understanding’ with Panda, who they believed would welcome their knowledge.

According to Panda, the fact that the two bot herders had been so closely involved in Mariposa, meant that they could not be employed and went on to say that their somewhat dubious technical skills, meant they were unsuitable anyway.

Undeterred, the two bot herders tried again to secure jobs at Panda some months later, but were again turned down.

Panda pointed out that the openness of the two bot herders’ approach might be explained by the fact that in Spain, running a botnet is not illegal. However, the company went on to say that the Spanish national police force, the Guardia Civil, were looking at ways in which the two bot herders could be prosecuted for stealing identities through the Mariposa botnet.

Guest Article by Neil Camp


BitDefender Picks Up Sixth Consecutive VBSpam Award

Tuesday, March 30th, 2010

BitDefender, which provides anti-malware security solutions, has won its sixth consecutive VBSpam Award for its BitDefender Security for Mail Servers 3.0.2.

This leading application, designed for Linux servers, came out with a Gold following the latest Virus Bulletin Anti-Spam Comparative Review. The review revealed there was only one false positive out of 2,400 legitimate emails.

The test involved using a SuSE Linux Enterprise Server 11 for an 11-day period. Emails were sent to a number of Virus Bulletin email addresses and were mixed with spam emails provided by Project Honey Pot. The emails were also sent in multiple languages and character sets, including English, French, Russian, Dutch, Norwegian and Asian languages.

The result was impressive: 97.84% of spam messages were caught during the test, with a false positive rate of only 0.04%.

Catalin Cosoi, Senior Researcher at BitDefender, said:
“We are thrilled to receive another VBSpam Award for BitDefender Security for Mail Servers 3.0.2. This award represents our sixth consecutive honour from Virus Bulletin, and we are particularly happy with test results showing only a single false positive out of 2400 genuine emails.”

The company says the success of BitDefender is down to a new technology based on live query. This originates from the cloud-computing paradigm, providing an immediate response time and protection to users all over the world, regardless of language or what type of spam they receive.

How Does BitDefender Antivirus Software Work?

In practice, it works by first scanning an incoming email locally with proprietary, proactive antispam solutions. If the email passes the initial filtering sequence, but still cannot be categorised as spam, or a legitimate message, then a proprietary algorithm extracts key elements from the analysed mail. This then creates something similar to a unique encrypted fingerprint of that message. Finally, if the BitDefender network of servers finds a match in its databases of known spam fingerprints, it issues a block command to the client application.

This provides a very thorough technique of catching spam emails.
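The three stages described above (local scan, fingerprint extraction, lookup against known spam fingerprints) can be sketched as follows. This is an added example and not BitDefender's code: its algorithm is proprietary, so the local heuristic, the normalisation rules and the keyed SHA-256 fingerprint are stand-in assumptions, and the sample messages are constructed.

```python
import hashlib
import hmac
import re

SERVICE_KEY = b"constructed-demo-key"  # assumption: key shared with the lookup service

def local_score(body):
    """Stage 1 stand-in: crude local filter returning 'spam', 'ham' or 'unsure'."""
    text = body.lower()
    if "unsubscribe" not in text and "http" not in text:
        return "ham"
    if text.count("http") >= 5:
        return "spam"
    return "unsure"

def fingerprint(body):
    """Stage 2: keep the message's stable elements, then key-hash them."""
    text = body.lower()
    text = re.sub(r"https?://([^/\s]+)\S*", r"url:\1", text)  # keep host, drop path
    text = re.sub(r"\d+", "#", text)                          # per-recipient numbers
    tokens = sorted(set(re.findall(r"[a-z#:.\-]{4,}", text)))
    return hmac.new(SERVICE_KEY, " ".join(tokens).encode(), hashlib.sha256).hexdigest()

def classify(body, known_spam):
    """Stage 3: only undecided mail is checked against known spam fingerprints."""
    verdict = local_score(body)
    if verdict == "spam":
        return "block"
    if verdict == "ham":
        return "deliver"
    return "block" if fingerprint(body) in known_spam else "deliver"

# Constructed messages: A and B are two copies of one campaign that differ only
# in per-recipient numbers; C is unrelated mail that also contains a link.
CAMPAIGN_A = ("Dear customer 1234, claim your diploma today at "
              "http://example.test/offer?id=991 unsubscribe here")
CAMPAIGN_B = ("Dear customer 87, claim your diploma today at "
              "http://example.test/offer?id=5 unsubscribe here")
LEGIT_C = "Hi Sam, the meeting notes are at http://intranet.example.test/notes/42 thanks"
KNOWN_SPAM = {fingerprint(CAMPAIGN_A)}  # stands in for the server-side database

if __name__ == "__main__":
    for name, msg in (("B", CAMPAIGN_B), ("C", LEGIT_C)):
        print(name, classify(msg, KNOWN_SPAM))
```

Because only the fingerprint is compared, the lookup service matches the second copy of the campaign without needing the message text itself.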

Guest Article by Neil Camp


Things worse say McAfee

Monday, November 30th, 2009

Computer security giant McAfee says that things have got worse in the last quarter with spam, malware and web-based threat creation reaching record levels.

McAfee’s latest Third Quarter Threats Report, which covers July to September 2009, also revealed that the number of new file-sharing sites which host unauthorised, copyrighted content increased dramatically. What’s more, another trend on the increase is the number of cybercriminals who are extorting website owners with threats of denial-of-service attacks.

There was a 300% rise in the creation of file-sharing sites following the brief shutdown of the Swedish-based Pirate Bay operation. Pirate Bay was a torrent site, one that can host links to copyrighted material, and very controversial for the unauthorised spread of content. And with this huge rise in the number of similar sites, cybercriminals are presented with the ideal opportunity to exploit the way certain sites share content. Malware writers are skilled at creating sites to trick users looking to download copyrighted material into downloading malicious programs.

And McAfee warns that the number of these malicious sites could dramatically increase during the fall and holiday blockbuster film seasons.

File-sharing site problems to one side, McAfee reported that spam and malware levels have reached a record high, with threats surpassing previous levels in the last quarter. And rather gruesomely, web-based attacks have also increased as cybercriminals take advantage of celebrity deaths and natural disasters. At such times, website activity and email traffic dramatically increase, and malware authors are quick to take advantage of such news stories and chat to hide their malicious intentions.

McAfee now reckons that of all email traffic, some 92% is spam. In other words, a tiny 8% is legitimate email traffic.

Web-based attacks, which target people who visit a malicious Web page and are delivered to users through spam, phishing, social networks and even through redirects from hijacked legitimate websites, are on the increase and are fast becoming the most dangerous weapon wielded by a cybercriminal.

And McAfee estimates that 55% of all malicious URLs are hosted in the US. What’s more, cybercriminals are getting increasingly effective at utilising SEO techniques to drive traffic to the bad sites.

Denial of Service attacks are a particularly odious tactic employed by cybercriminals, and McAfee has seen many more attacks in the latest quarter, with some involving significant ransom demands.

Cybercriminals are offering for sale, to the highest bidder, botnets which are made up of thousands of zombie computers to attack sites. The botnets are used to knock out even some of the most-protected sites. And when offering such sophisticated botnets, the cybercriminals will often demonstrate their capability to prospective buyers with ‘live’ demonstrations, bringing down targeted websites for a few minutes.

Just recently, four Australian sports betting companies were targeted by cybercriminals and their sites taken down during key sports events, which resulted in the loss of millions of dollars of revenue.

Guest Article by Neil Camp


The Editor

My name is Alan Potts and I'm the Editor of the Antivirus-BUYability web site and Managing Director of BUYability Limited.

© BUYability