Welcome to the Proxy Update, your source of news and information on Proxies and their role in network security.

Friday, January 29, 2010

SEO Spreads Risk

This topic has been discussed quite a bit lately by almost all the major security vendors, but we haven't really talked about it here on this forum, and it's probably a good time to remind everyone that one of the newest forms of attack in the web space is the poisoning of Google search results: attackers use Search Engine Optimization (SEO) techniques to get infected web pages highly ranked in search results, especially around current topics of high interest (recently the Haiti Earthquake, the iPad announcement, Toyota's recall, and President Barack Obama's State of the Union address have all been targets).

What's really devastating about these poisoned search results is that the end-user isn't likely to realize they are getting infected, since the search result may eventually refer to a well-known site like CNN. But the referring link will contain some piece of malware, infecting the end-user's machine along the way.

All the more reason IT admins need to make sure there's a proxy in place acting as a Secure Web Gateway with the right anti-malware software, and, for those traveling users on laptops, some local software client protecting web browsing as well.

Thursday, January 28, 2010

‘We Have to Work Together’ to Fight Cyber Crime says McAfee CEO

From: http://www.thenewnewinternet.com/2010/01/27/we-have-to-work-together-to-fight-cyber-crime-says-mcafee-ceo/

Dave DeWalt, president and CEO of McAfee, has called for the formation of an international framework to combat the growing threat from cyber crime according to a CRN article. While traveling to the World Economic Forum, where DeWalt will speak on the need to protect critical infrastructure, DeWalt briefly stopped in London and discussed the need for international cooperation to fight cyber crime.

DeWalt discussed the growing threat against governments and companies from cyber criminals and state sponsored cyber attacks which are “creating an atmosphere of war online.”

“Unfortunately, we do not have a global framework in which we can solve these problems,” said DeWalt. “There is no World Health Organisation for cyber-crime or cyber-warfare, like there is for viruses in the physical world.”

He discussed the need for greater cooperation, highlighting that no single company or government could effectively tackle this issue alone.

“Part of what I will talk about at the World Economic Forum is the need for a global governing body that helps resolve some of these crises we are seeing. One company like McAfee or one country like the UK cannot do it on its own – we have to work together,” DeWalt said.

Wednesday, January 27, 2010

20 Coolest Cloud Computing Vendors

CRN recently published their list of the 20 coolest cloud computing vendors. They chose this topic due to the recent wave of acquisitions of cloud vendors in the security market by traditional software and appliance vendors.

According to CRN, there doesn't seem to be any sign of a slowdown in acquisitions in 2010. Cloud computing has been driven in part by the tough economy, due to the lower initial capital expenditures, and a switch to operating expenses. Cloud solutions took off over the last 16 months and accompanied with that was a growth of SaaS acquisitions by some of the largest security players. Symantec was one of the first with its acquisition of MessageLabs in October of 2008, followed by acquisitions by players such as WatchGuard, McAfee, Barracuda, M86 and Cisco.

In addition to cloud-based antivirus, spam filters and Web scanning engines, security companies are now launching cloud-based DLP and authentication and log management technologies.

You can find CRN's list of the 20 coolest cloud vendors here.

Tuesday, January 26, 2010

Security Before the Proxy

Here at The Proxy Update, we all know the importance of having a proxy acting as a Secure Web Gateway to protect end-users who are browsing the web. But there's a whole layer of security before we even discuss the proxy, and that has to do with User Authentication.

Last month, Imperva examined 32 million passwords stolen from RockYou and found some disturbing trends in password practices among end-users.

According to the analysis, approximately one out of five Web users chose a simple, easily guessed password like "123456", "abc123", "iloveyou" or even "password" to protect their data.

“I guess it’s just a genetic flaw in humans,” said Amichai Shulman, the chief technology officer at Imperva, which makes software for blocking hackers. “We’ve been following the same patterns since the 1990s.”

So a reminder to IT admins, make sure your users know the importance of picking secure passwords, and understand what makes a password secure.
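As an added example (not part of the original post or of Imperva's analysis), the following Python checker flags the kind of passwords the RockYou data exposed, using the four passwords quoted above as its seed blocklist; the extra blocklist entries, the sample password set and the policy thresholds are constructed for illustration.

```python
import re

# Seeded with the four passwords the analysis names; the remaining entries are
# constructed extras. A real deployment loads the full leaked top-N list from a file.
COMMON_PASSWORDS = {"123456", "abc123", "iloveyou", "password",
                    "qwerty", "letmein", "welcome"}
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")
# Substitutions a guesser undoes before comparing against the list.
LEET = str.maketrans({"@": "a", "$": "s", "0": "o", "1": "i", "3": "e", "!": "i", "|": "l"})


def candidates(pw):
    """Forms a guesser would try: lowercase, trailing digits/symbols stripped, leet decoded."""
    base = pw.lower()
    stripped = re.sub(r"[\d!@#$%^&*]+$", "", base)
    forms = {base, stripped, base.translate(LEET), stripped.translate(LEET)}
    return {f for f in forms if f}


def is_common(pw):
    """True if the password, or a trivial variant of it, is on the blocklist."""
    return any(f in COMMON_PASSWORDS for f in candidates(pw))


def has_keyboard_walk(pw, n=4):
    """True if the password contains n adjacent keys from one keyboard row, in either direction."""
    low = pw.lower()
    return any(row[i:i + n] in low or row[i:i + n][::-1] in low
               for row in KEYBOARD_ROWS for i in range(len(row) - n + 1))


def weak_reasons(pw):
    """Every reason the password fails the (constructed) policy; an empty list means it passed."""
    reasons = []
    if len(pw) < 12:
        reasons.append("shorter than 12 characters")
    if is_common(pw):
        reasons.append("common password (or a trivial variant of one)")
    if has_keyboard_walk(pw):
        reasons.append("keyboard walk")
    if len(set(pw)) <= 2:
        reasons.append("only one or two distinct characters")
    classes = sum(bool(re.search(p, pw)) for p in (r"[a-z]", r"[A-Z]", r"\d", r"[^\w\s]"))
    if classes < 3 and len(pw) < 16:      # long passphrases are exempt from the class rule
        reasons.append("fewer than three character classes")
    return reasons


def audit(passwords):
    """Share of a password set that is common: the figure Imperva put at roughly one in five."""
    return sum(is_common(p) for p in passwords) / len(passwords)


# Constructed sample standing in for a dump like RockYou's.
SAMPLE = ["123456", "P@ssw0rd1", "iloveyou!", "Tr0ub4dor&3", "correct horse battery staple",
          "q1w2e3r4", "abc123", "Xk9#mL2$pQ7v", "Summer2009", "hunter2"]

if __name__ == "__main__":
    for pw in SAMPLE:
        print("%-30s %s" % (pw, ", ".join(weak_reasons(pw)) or "ok"))
    print("share of common passwords in sample: %.0f%%" % (100 * audit(SAMPLE)))
```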

Friday, January 22, 2010

Signature-based scanners miss 88% of Gumblar attacks

In its quarterly Global Threat Report issued today, ScanSafe, the pioneer and leading provider of SaaS Web Security, reported that at its highest peak in the second quarter of 2009, 88% of ScanSafe malware blocks were zero-day threats, meaning that the vast majority of the attacks were not detected by signature-based scanners. The single largest contributor to the high rate of signature misses was the second-stage Gumblar attacks.

The overall rate of zero day Web malware in 2Q09 was 32% – nearly one in three Web malware encounters were blocked via ScanSafe Outbreak Intelligence™ zero-day threat protection. Companies relying on signature-based scanners alone would have been extremely vulnerable, given that signatures for Gumblar-compromised sites were not generally available until three weeks after the largest peak of Gumblar website compromises.

ScanSafe noted that the rate of Web-delivered malware increased sharply in the second quarter of 2009 – a staggering 36% from 1Q09. This was also due in large part to Gumblar, the most sophisticated mass compromise seen this year. 2008 was the largest year on record for Web-delivered malware, with a massive 300% increase from 2007. By all accounts, 2009 is on track to double that number. "The fact that the most serious threat of the year was not detectable by most standard antivirus signatures should serve as yet another wake up call to the security community,” said Mary Landesman, senior security researcher at ScanSafe. “The evasiveness and sophistication of the Gumblar threat has set quite a precedent for threats to come. Companies need to be prepared with a comprehensive Web security solution – specifically, a solution that adequately protects against the increasing rate of zero day threats.”

Worryingly, the second quarter of 2009 also demonstrated a sharp increase in data theft trojans. The rate of encounters with data theft trojans increased 37% in 2Q09. The most prevalent of these encounters were with Backdoor trojans, which can lead to data theft, registry manipulation and full control of files on an infected system, among other things. “It is alarming that the prevalence of data theft trojans has increased so significantly this quarter, but not surprising,” said Landesman. “Stolen data is in high demand and in this economy cyber criminals are motivated to develop increasingly sophisticated tactics to obtain it.”

Tuesday, January 19, 2010

Illegal downloads at work put companies at risk, says FAST IiS

From: http://www.computerweekly.com/Articles/2010/01/15/239977/illegal-downloads-at-work-put-companies-at-risk-says-fast.htm

Company directors who allow staff to download software illegally are putting themselves and the company at risk of legal liability, software piracy watchdog FAST IiS has warned.

Internet data gathered by security firm ScanSafe across 100 countries revealed a 55% increase in illegal software and music downloads on corporate networks from October to December 2009.

"The company and directors could face a criminal trial with the possibility of a conviction and fine under the Copyright, Designs and Patents Act 1988," said John Lovelock, chief executive of FAST IiS.

In addition to the risk of legal liability, there is the likelihood of malware being a silent add-on to software downloaded from peer-to-peer filesharing networks commonly used to distribute pirated software, he said.

FAST IiS recommends that all businesses have an IT policy as part of the conditions of employment and ensure that all employees are aware of the consequences of using corporate computers for illegal software downloads.

"It really is cheaper to keep control of your IT estate and software licensing rather than try to cut corners," said Lovelock.

Guidance for businesses is available on the FAST IiS website, he said.

Monday, January 18, 2010

Rogue anti-virus prevalent on links that relate to Haiti earthquake, as donors encouraged to look carefully for genuine sites

From: http://www.scmagazineuk.com/rogue-anti-virus-prevalent-on-links-that-relate-to-haiti-earthquake-as-donors-encouraged-to-look-carefully-for-genuine-sites/article/161431/

The earthquake that hit Haitian capital Port-Au-Prince earlier this week has led to a huge rise in related malicious URLs.

Zscaler Research reported that only an hour after the 7.0 earthquake hit on Tuesday afternoon, there was a 1,578 per cent increase in URLs visited, with a corresponding 5,407 per cent increase in bandwidth usage for ‘Haiti' URLs.

On the malware front, it reported as seeing an increase in search engine optimisation (SEO) taking advantage of Haiti earthquake search terms to redirect visitors to rogue anti-virus download sites.

This was also echoed by security vendors. Websense Security Labs ThreatSeeker Network discovered that searches on terms related to the earthquake returned results that led to a specific rogue anti-virus program via maliciously engineered search results.

Three samples of malware were discovered, with two having 20 per cent anti-virus coverage and another having eight per cent.

Also, F-Secure reported that a link titled ‘Haiti earthquake donate' leads to a website that installs a rogue anti-virus program on the system, one that it claims is supported by F-Secure.

Mathew Nisbet, malware data analyst at Symantec Hosted Services, noted an upturn in spam and poison search results designed to exploit individuals' generosity.

He said: “The humanitarian crisis caused by the Haitian earthquake has captured the world's sympathies and people are flocking to donate online. Sadly these are exactly the conditions that a cynical scammer would be looking to exploit, as the desire to help can often cloud a person's good judgement.

“They count on the public's good nature, concern and desire to help, and hope that they won't see through the scam email which they are reading.”

David Harley, director of malware intelligence at ESET, said: “It would be naive to contend that the security industry is entirely altruistic when it points to potential problems: we make our living from making people safer, or trying to. However, I'm not about to apologise for that any more than I expect my doctor to apologise for making his living out of accidents and diseases.

“You can be as cynical as you like about how successful we are, but most of the people I know in the industry aren't in it purely for the money. And the warnings I have been seeing about SEO poisoning, scams, malware, rogue AV and so on, may increase sales directly or indirectly, but if they do encourage people to help themselves by whatever means, surely that's a good thing?

“However, I've noticed several people in the industry or somehow connected to it taking what you might consider a more positive approach to evading some of these issues, by pointing to legitimate aid resources. As with other kinds of phishing, scamming and so on, you'll be much safer going to known legitimate resources than responding to unsolicited requests for help from unverified sources.”

Saturday, January 16, 2010

Baidu Taken Down by DNS Hack

From: http://www.bluecoat.com/blog/baidu-taken-down-dns-hack

So Baidu got hacked yesterday. That is very big news. For China, that's like saying "Google got hacked." It's the leading search engine there, and one I've spent time using during work on our Chinese module for DRTR.

The initial report I saw pointed not to an attack on Baidu's servers, but on the DNS entries that let the websurfers of the world get to the correct site. In other words, if you can change the "official" DNS entry for a site, you change its Internet address. Just like that, you've tricked the entire Internet into thinking that the location for baidu.com is now on a server somewhere else, and that's where everyone will go. (The huge potential payoff for a phisherman or other Bad Guy who can pull off a DNS hack is why the "Kaminsky bug" was such a huge deal in the security press back in 2008.)

However, my initial guess (and it's only a guess, since I've seen few real details in any of the sites I checked) is that one of the engineers who has access to baidu.com's domain name registration account unknowingly used a malware-infected computer to access the registrar, and thereby had his password stolen. (Alternatively, someone could have "social engineered" their way past the domain registrar's safeguards -- i.e., do some fast talking and convince them that you're Baidu's official rep and you need to change some settings -- but I consider that a lot less likely.)

One of my "key stories" for 2009 would be Gumblar (and other malware families) specifically targeting website passwords, either FTP credentials in order to gain access to the files that make up a site, or the domain registrar account name and password in order to do a DNS-redirection attack like this one. In either case, a Bad Guy with your account name and passwords is essentially you, at least as far as your web infrastructure is concerned, and can simply walk in the front door and make whatever changes he wants.

So, if you're in a corporate IT position that involves responsibility for your Web domain and/or site, this would be a good time to review the processes you follow when you make Registration (rarely) or Site changes (every day). Do you use any old computer, at home or work? Or do you make a conscious effort to only log in from a maximum-security (maybe even a dedicated?) computer? At minimum, you should be sure that the computer(s) you use for these tasks are fully patched, and protected by both antivirus and web filtering.

I'll be curious to see if any additional details emerge about how the hack was pulled off.
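As an added example (not from the Blue Coat post or any vendor's code) of the kind of monitoring a domain owner can run against the registrar-level DNS redirection described above: a stdlib-only Python script that decodes NS answers for a domain and compares them with a recorded baseline, so a nameserver change you did not make raises an alert. The baseline names, the resolver address and the hand-built response are constructed placeholders.

```python
import socket
import struct

# Nameservers you expect for the domain you operate. These values are
# constructed placeholders; record the real ones from your registrar.
BASELINE_NS = {"ns1.example.net", "ns2.example.net"}


def encode_name(name):
    """Wire-format a domain name as length-prefixed labels ending in a zero byte."""
    labels = name.strip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_query(name, qtype=2, txid=0x1234):
    """Build a standard recursive query; qtype 2 is NS."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def read_name(msg, off, hops=0):
    """Decode a possibly compressed name; returns (name, offset just past it)."""
    labels, end = [], None
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                     # compression pointer
            if hops > 16:
                raise ValueError("compression pointer loop")
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            end = off + 2                             # the pointer ends this name
            labels.append(read_name(msg, ptr, hops + 1)[0])
            break
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(l for l in labels if l).lower(), (off if end is None else end)


def parse_answers(msg):
    """Return [(owner, rtype, rdata)] for the answer section; rdata is a name for
    NS/CNAME, a dotted quad for A, hex otherwise."""
    _, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if flags & 0x000F:
        raise ValueError("server returned RCODE %d" % (flags & 0xF))
    off = 12
    for _ in range(qdcount):                          # skip the question section
        off = read_name(msg, off)[1] + 4
    answers = []
    for _ in range(ancount):
        owner, off = read_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype in (2, 5):
            rdata = read_name(msg, off)[0]
        elif rtype == 1:
            rdata = ".".join(str(b) for b in msg[off:off + 4])
        else:
            rdata = msg[off:off + rdlen].hex()
        answers.append((owner, rtype, rdata))
        off += rdlen
    return answers


def ns_drift(baseline, observed):
    """(appeared, vanished) relative to the baseline; anything in either list warrants an alert."""
    return sorted(observed - baseline), sorted(baseline - observed)


def fetch_ns(domain, resolver="127.0.0.1", timeout=3.0):
    """Live NS lookup over UDP against a resolver you trust (not exercised offline)."""
    query = build_query(domain)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(query, (resolver, 53))
        response = sock.recvfrom(4096)[0]
    if response[:2] != query[:2]:
        raise ValueError("transaction id mismatch")
    return {rdata for _, rtype, rdata in parse_answers(response) if rtype == 2}


def constructed_response():
    """Hand-built NS answer for baidu.com, with name compression, so the parser runs offline.
    The second RR's rdata is the label "ns2" plus a pointer to "example.net" inside the first RR."""
    header = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 2, 0, 0)
    question = encode_name("baidu.com") + struct.pack("!HH", 2, 1)
    rr1_rdata = encode_name("ns1.example.net")
    rr1 = b"\xc0\x0c" + struct.pack("!HHIH", 2, 1, 3600, len(rr1_rdata)) + rr1_rdata
    example_net_off = len(header) + len(question) + 12 + 4   # past RR1's header and "ns1"
    rr2_rdata = b"\x03ns2" + struct.pack("!H", 0xC000 | example_net_off)
    rr2 = b"\xc0\x0c" + struct.pack("!HHIH", 2, 1, 3600, len(rr2_rdata)) + rr2_rdata
    return header + question + rr1 + rr2


if __name__ == "__main__":
    observed = {rd for _, rt, rd in parse_answers(constructed_response()) if rt == 2}
    print("observed NS:", sorted(observed), "drift:", ns_drift(BASELINE_NS, observed))
```

Run `fetch_ns` on a schedule from a machine that is itself patched and locked down, and treat any non-empty drift as an incident until the registrar confirms you made the change.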

Friday, January 15, 2010

Another Cross-over Point from WAN Optimization into the Proxy Space

From Network World:

Exinda Networks’ latest software upgrade tackles some of the WAN optimization implications of a thorny IT management issue: the use of third-party anonymous browsing services that route DNS queries through a proxy server.

Anonymous proxies allow end users to bypass Web sites blocked by their companies, surf the Web anonymously, or hide their tracks while Web browsing. The new version of Exinda’s WAN optimization software, EXOS 5.3, can detect the use of anonymous proxies and subject Web traffic to the rules and restrictions organizations have set up.

With the new software, Exinda can expose, report and apply QoS policies to traffic using anonymous proxies. Its application classification engine categorizes network traffic and responds based on a company’s predetermined policies – by blocking the traffic or limiting its bandwidth usage, for instance. It can also identify end users who are not conforming to network usage policies.

If someone were to try to access an Internet radio site during business hours, for instance, Exinda would properly classify the traffic and apply the predetermined rules and policies, says Ed Ryan, vice president of products at Exinda.

“If you’re using anonymous proxies to generate traffic that’s normally shaped, we’ll still know what it is and properly classify it. All the normal policies and rules that would have applied to that traffic if you’d accessed it directly still apply.”

To stay on top of new anonymous proxy sites, the software maintains a list of URLs and sites to limit or block access to. “Version 5.3 allows you to see the real, true traffic. We provide continuous detection of anonymous proxy sites through daily updates. New ones are coming on everyday,” Ryan says.

It’s all about visibility, he says. “Visibility comes first. You can’t make intelligent decisions about how to shape and prioritize and monitor the traffic unless you know what the traffic is. You can’t make good decisions to accelerate and optimize traffic unless you know what it is.”

Also new in the version 5.3 software upgrade are a number of user interface and configuration tweaks designed to make life easier for administrators. Exinda redesigned its help screens, for instance, simplified its logon pages and redesigned some of its wizards.

In addition, Exinda extended scalability features -- including multithreading and multi-queuing enhancements -- it developed late last year for its high-end 8760 product to the rest of its appliances that use multicore processors.

EXOS 5.3 works on all existing Exinda appliances and is free to Exinda customers with maintenance subscriptions.

Thursday, January 14, 2010

Malware, scareware appear in search results provided by Office.Microsoft.com

From: http://www.mxlogic.com/securitynews/web-security/malware-scareware-appear-in-search-results-provided-by-officemicrosoftcom370.cfm

Security researchers say that black-hat SEO has created an opportunity for scareware purveyors to spread their bogus software to unsuspecting users via one of Microsoft's own websites.

Malware experts at Websense last week released a blog post detailing the presence of malicious websites redirecting to a rogue anti-virus page in search results from Office.Microsoft.com. Websense says that the problem is made more serious by the fact that Microsoft adds a redirect from its own page, so the malicious URLs appear to be hosted by Microsoft, not the malware pushers.

The researchers said that the phony anti-virus program is "very real-looking" and that most anti-virus products do not recognize the executable as being malicious. PC Magazine reports that Microsoft has issued a statement, saying that the malicious redirects were introduced via a vulnerability in a third-party tutorial on the Office website.

Scareware pages pushing fake anti-virus software have been one of the fastest-growing types of online criminal activity over the past year, experts say. Generally run by well-organized criminal gangs in Eastern Europe, the scam has taken in millions in profits.

Wednesday, January 13, 2010

Malware Threat Reports Fail to Add Up

From: http://www.infosecurity-us.com/view/6314/malware-threat-reports-fail-to-add-up/

The December malware threat reports are trickling in from vendors — and they all appear to be different. Fortinet, Sunbelt Software, and Kaspersky all published their lists of the most prevalent malware strains for the last month of 2009, but they didn't match up, leading to an admission that users will inevitably be confused by the results.

For example, in its malware report for last month, Fortinet said that W32/PackBredolab.C!tr topped the charts of malware variants detected in December, accounting for two-thirds of malware activity in December. It was a new entry to the malware table, the company said.

Kaspersky highlighted three versions of the Kido worm, known more popularly as Conficker, in the top three slots of its own malware threat report for December. Sunbelt listed Trojan.Win32.Generic!BT in the top malware slot as part of its own report, with almost 20% of the activity for December. A quick scan of the other top 10 malware entries for each company reveals few if any matches.

"Comparing the monthly statistics from different anti-virus companies is truly comparing apples and oranges," said Tom Kelchner, Sunbelt Research Center manager. "What one company detects and identifies as a specific, named piece of malcode, another may detect generically."

He argued that antivirus companies have tried to use common names for malware that they find, but that the complex nature of antivirus analysis, combined with the speed of the process, has made it almost impossible to work together.

"Naming convention is one thing. But I think the main problem these days is the way in which detection techniques have shifted," said Roel Schouwenberg, senior antivirus researcher, Kaspersky Lab. "The shift in detection techniques make naming harder and grouping of malware completely different."

Axelle Apvrille, senior mobile AV analyst and researcher in the Fortinet EMEA threat response team, said that the time window for detections is another reason for the disparity in results. "Even if, globally, Sunbelt, Kaspersky and us encounter the same threats, this may not be true when we consider short time frames (such as a month)," he said.

"It's hard for users, not being able to find information on something under one name," noted Joe Stewart, director of malware research at managed security company SecureWorks. Because anti-malware vendors are also competitors, they have little incentive to work together on normalizing names and detection techniques, he pointed out. "I don't think that there's any solution in sight, because there are so many factors that play into it. Because of the way that the industry works, you can't work around them too well."

In short: is there a problem with the user confusion over threat tables like these? Most definitely. Can we solve it? Apparently not.

Tuesday, January 12, 2010

2010: Is it all hype?

When the year turned to 2000, there was all this worry that computers would crash and our infrastructure would have problems from the date rollover. Nothing significant happened. But we surprised ourselves as the year 2010 came around, and there were actually news reports of computers having problems with the date change.

Some of the reported problems included:

Symantec's "Endpoint Protection" business anti-virus solution started the new year by labelling signatures dated 01/01/2010 or newer as "out of date" even though the signatures are current. Symantec is reportedly working to fix the flaw. Until an update has become available, the vendor will date any further new signatures December 31, 2009 and only increase the revision number. Affected products include Symantec Endpoint Protection v11.x and Symantec Endpoint Protection Small Business Edition v12.x.

The Internet Storm Center reports that Cisco's Content Switching Module (CSM) has problems with its load balancing feature. The default cookie expiration in the load balancer is reportedly set to 01/01/2010 and has, therefore, expired. As a result, connections to programs such as web applications are reportedly being continuously "rebalanced".

I guess it's never too late to check to make sure your code is date compliant.
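To make the Cisco CSM cookie problem concrete, here is an added example (not from the original post or any vendor's code) that simulates a sticky-session load balancer whose persistence cookie carries the hard-coded Expires date 01/01/2010, beside one that computes the expiry from the clock, and a lint check that catches a freshly issued cookie that is already expired. The backend names, cookie name and clock values are constructed.

```python
from datetime import datetime, timedelta, timezone
from email.utils import format_datetime, parsedate_to_datetime
from http.cookies import SimpleCookie

BACKENDS = ["app-1", "app-2", "app-3"]   # constructed backend pool
COOKIE = "SRV"                           # constructed persistence cookie name
# Constructed clock: a request arriving on 12 January 2010.
START = datetime(2010, 1, 12, 9, 0, tzinfo=timezone.utc)


def fixed_expiry(now):
    """The defective default: a literal date that the calendar has already passed."""
    return datetime(2010, 1, 1, tzinfo=timezone.utc)


def relative_expiry(now):
    """The fix: an expiry computed from the clock at the moment the cookie is set."""
    return now + timedelta(hours=8)


def cookie_expiry(set_cookie_header):
    """Parse the Expires attribute of a Set-Cookie header into an aware datetime."""
    jar = SimpleCookie()
    jar.load(set_cookie_header)
    return parsedate_to_datetime(jar[COOKIE]["expires"])


def expires_in_past(set_cookie_header, now):
    """Lint check: a cookie that is expired the moment it is issued can never stick."""
    return cookie_expiry(set_cookie_header) <= now


def browser_returns(set_cookie_header, now):
    """What a browser sends on its next request: the value, or None once the cookie has expired."""
    if expires_in_past(set_cookie_header, now):
        return None
    jar = SimpleCookie()
    jar.load(set_cookie_header)
    return jar[COOKIE].value


class StickyBalancer:
    """Round-robin balancer that pins a client to a backend with an Expires cookie."""

    def __init__(self, expiry_policy):
        self.expiry_policy = expiry_policy
        self.next_index = 0
        self.rebalances = 0

    def route(self, cookie_value, now):
        """Honour a valid persistence cookie, otherwise pick the next backend (a rebalance)."""
        if cookie_value in BACKENDS:
            backend = cookie_value
        else:
            backend = BACKENDS[self.next_index % len(BACKENDS)]
            self.next_index += 1
            self.rebalances += 1
        expires = format_datetime(self.expiry_policy(now), usegmt=True)
        return backend, "%s=%s; expires=%s; Path=/" % (COOKIE, backend, expires)


def simulate(expiry_policy, requests=5, start=START):
    """Drive one client through several requests; returns (backends visited, rebalance count)."""
    lb = StickyBalancer(expiry_policy)
    now, cookie, visited = start, None, []
    for _ in range(requests):
        backend, header = lb.route(cookie, now)
        visited.append(backend)
        cookie = browser_returns(header, now)   # the browser drops an expired cookie
        now += timedelta(minutes=1)
    return visited, lb.rebalances


if __name__ == "__main__":
    for name, policy in (("fixed 01/01/2010", fixed_expiry), ("relative", relative_expiry)):
        visited, rebalances = simulate(policy)
        print("%-18s visited %s, rebalanced %d times" % (name, visited, rebalances))
```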

Illegal downloads at work skyrocket

From: http://www.computerweekly.com/Articles/2010/01/12/239924/Illegal-downloads-at-work-skyrocket-says-ScanSafe.htm

Illegal software and music downloads on corporate networks have increased 55% in the past three months, according to web security firm ScanSafe.

The increase was revealed in data gathered across more than 100 countries and millions of employees.

Employees tend to assume they can use the internet at work in exactly the same way as they use it at home, said Spencer Parker, product management director at ScanSafe.

"Inappropriate internet use in the workplace can put the employer at risk for legal liabilities," he said.

Downloading illegal content is a "double whammy" for employers as it puts them at risk legally and puts the company network at risk, said Parker.

"Free illegal downloading websites are often riddled with malware, which could infect corporate networks," he said.

Organisations should implement a comprehensive web security system to block employees from accessing illegal websites, said Parker.

Security consultants have identified employee education as a top priority for businesses in 2010.

Businesses should also ensure internet usage policies are up to date and that employees are aware of what they are not allowed to do at work.

Increased use of consumer devices such as iPhones is another key reason businesses should keep their IT policies and standards up to date, said William Beer, information security director at PricewaterhouseCoopers.

"Employees need to be aware of how their actions can impact on the organisation they work for, but not many businesses have a comprehensive set of policies and an education programme in place," he said.

Friday, January 8, 2010

Facebook Beats Google on Xmas

From: http://www.thebigmoney.com/blogs/feeling-lucky/2009/12/31/facebook-beats-google-xmas

Could Facebook supplant Google (GOOG) as the most-visited Web site in the country in 2010? That question's been on everyone's lips ever since an official at the research firm Hitwise tweeted that on Christmas Day, more people used Facebook than Google or any of its related products.

Search Engine Journal contributor Arnold Zafra thinks that the Christmas triumph may be something of an outlier; Christmas, after all, is a time when people reconnect with their friends and family, and Facebook is uniquely positioned to help them do just that. Nevertheless, Zafra adds, it may indicate that Facebook may have outpaced e-mail as a communications medium. "Email is a thing of the past during these days, as Facebook and perhaps other social sites like Twitter are the more preferred ways of communicating online especially during special occasions," he writes.

And in another sign of Facebook's ubiquity, the security firm McAfee warned that hackers and malware distributors are increasingly focused on poisoning the site with spam. "Malware authors love following the social networking buzz and hot spots of activity; that will continue in 2010," the company warned. Apparently, popularity has its price.

Thursday, January 7, 2010

Cybercriminals may target Social Networking Sites, says McAfee

According to the latest report released by McAfee Inc, cybercriminals may target social networking sites such as Facebook, Twitter and FriendFeed in 2010. McAfee said that these social networking sites could become easy targets because of their vulnerability.

In the past, Facebook has witnessed serious hacking problems, and the same thing might happen again. Usually, people trust their friends and the links sent by them on such social networking sites. That may work to the advantage of cybercriminals.

Currently, 350 million people across the globe use Facebook. McAfee and Symantec have cautioned users about shortened URLs, which come in a different format and make it difficult for users to see the real URL without clicking on it.

Wednesday, January 6, 2010

Hybrid Apps Will Be Next Hacker Target

From InfoSecurity: http://www.infosecurity-us.com/view/6184/mcafee-hybrid-apps-will-be-hacker-target/

Applications that blur the boundaries between online and offline software will be a primary hacker target this year, according to McAfee.

In its 2010 Threat Predictions Report, McAfee said that the advent of HTML 5 - a yet-to-be-ratified, enhanced version of the HTML language used to create web pages - is blurring the line between the internet and the desktop. New functionality in the language makes web apps act more like desktop computer software than ever before. The hacker community will be drawn to this phenomenon, McAfee predicted.

An example of a HTML 5-based application is Google Wave, which reinvents email, combining it with instant messaging-like functionality to create online conversations that can be embedded in other web pages. The anti-virus vendor singled out Google's Chrome OS as a technology that will complement the new language to draw interest from hacker groups.

Chrome OS, an open-source operating system that was released to developers in November, is designed for use on netbooks and other small footprint devices that rely almost exclusively on internet-based applications for their operation. The system is scheduled for end-user release later this year.

"Google Chrome OS is intended for use with netbooks, and HTML5 enables not only a rich internet experience, but also offline applications. Another motivation for attackers is HTML 5’s anticipated cross-platform support, which will allow attackers to eventually reach users of many mainstream browsers", McAfee continued.

The document also suggested that the hacker community may switch its emphasis from Microsoft to Adobe. "In 2010, we anticipate Adobe software, especially Acrobat Reader and Flash, will take the top spot", it said. Adobe has already seen several zero-day attacks from hacker groups targeting these two.

Other, perhaps more obvious, predictions from the report include more sophisticated hacker threats targeting social networking applications, as their user numbers increase, and cleverer banking trojans (it's generally a safe bet to assume that the hacker underground won't become dumber, and simpler, and neither will its products).

Tuesday, January 5, 2010

Major Christmas e-Card Spam Campaign

From the Blue Coat Security Blog: http://www.bluecoat.com/blog/major-christmas-e-card-spam-campaign

During the holidays, the Blue Coat Web Filter™ team continues to keep an eye on things, both the results of the various WebPulse™ automated processes and the various data streams that the human analysts monitor. One trend worth remarking on has been a flood of "e-Card" spam in our honeypots. This began a few days before Christmas, and is still continuing.

As it turns out, this will also give me a chance to talk a little bit about a category of software we call "Potentially Unwanted Software". (Or "PUS" for short.)

The spam e-mails' subject line varies, but it's typically something like "[name], Someone sent you a Christmas Card".

The actual body of the e-mail doesn't contain a card, but instead invites you to "Send Cards for Christmas[...] Everyone has email, send them an eCard they'll love, save money on postage."

The spam comes from a variety of constantly changing domains (e.g., familyvalues1b.com, lifepartner1d.com...), and clicking the link inside routes you through about four hidden-relay sites to eventually reach the e-card site.

WebPulse™ already knew about most of the spam relay sites (I've added the new ones), and also has some interesting information about the e-card site.... It turns out to have been on Santa's "Naughty List" for more than six months, when one of our analysts noted that the Toolbar it wants you to install garnered a lot of hits in virus scanners. The majority of those hits were categorized as Adware/Spyware type software, which fits in with our P.U.S. category. This analysis was confirmed by a second analyst a couple of months later, who took a deeper look.

We define the P.U.S. category as "Sites that distribute software that is not malicious but may be unwanted within an organization such as intrusive adware and hoaxes." (Where "not malicious" means something like "doesn't deliberately harm/crash your computer, or steal your banking passwords" -- that would clearly be Malware.)

Adware is software that sits on your computer, watches where you go on the internet, and serves you extra ads beyond those normally found on the web sites, often in the form of pop-up or pop-under ads. (This is something different from web-ad sites that use "beacons" on multiple client sites to track your visits and decide which ads you see as part of the pages you visit. While these may still be a privacy concern for you, if they don't install software on your computer, they're not P.U.S.) Adware may sometimes be a legitimate method of "payment" for "free" versions of software. More often, it's an intrusive privacy risk.

P.U.S. is also frequently criticized for "bloating" your computer (consuming too many resources) and slowing it down.

Due to the annoyance, performance hit, privacy concerns, and an overall "shadiness factor", I always recommend that our customers block the P.U.S. category. (Exceptions may always be made, of course, by "whitelisting" particular sites where you've checked out the software and EULA, and feel that the benefits outweigh the risks -- the customer is always in control of what gets blocked.)

This month, due to their behind-the-scenes involvement in a deceptive and unwanted spam campaign, with fake/junk domains and a series of shady relays, we've added a Suspicious rating to the parent site as well. (Just call it a little "Christmas e-Card" of our own.)

Monday, January 4, 2010

Websense and Google warn of scam adverts

From: http://www.securecomputing.net.au/News/163223,websense-and-google-warn-of-scam-adverts.aspx

Scam uses classic 'get rich quick' hook.

A new scam has been detected which uses Google's name in a get rich quick scheme.

Websense Security Labs has seen the ‘making easy money with Google' scam circulating for some time, and in the last few weeks a new wave of such scams has emerged using Google's reputation to sell 'working from home' kits that claim Google is hiring people.

It said that the primary way these kits are propagated and given exposure is through legitimately bought advertising space, and that the marketing of the fake kits is designed to work with affiliates: for every kit sold, the affiliate gets a cut of the profits.

Carl Leonard, senior manager of Websense Security Labs, said: “This aggressive campaign, which preys on a population weakened by the economic downturn, demonstrates how cybercrime has moved on from the spotty teenage hacker in his bedroom to a sophisticated business run with all the trimmings.”

It is not only Google that has been affected: other brands such as Yahoo, Microsoft and Dell have been exploited too, leaving average users affected and confused. This has also led Google to look into taking legal action against the group/company behind the campaign, and also some related individuals.

In a blog post on December 8, Google said that to fight back it had filed a suit against Pacific WebWorks and ‘several other unnamed defendants'.

Jason Morrison, support engineer (search quality team), and Stacey Wexler, senior litigation counsel at Google, said: “Google hasn't created or endorsed any of the sites like those described in our complaint. Misleading ads try to take advantage of consumers in the midst of a difficult economy, and as the economic situation has worsened, the problem has only grown. As far as we can tell, thousands of people have been tricked into sending payment information and being charged hidden fees by questionable operations.

“Even as we're taking legal action to try to cut these sites off at the source, we're still working constantly to remove scammy URLs from our index, and we'll permanently disable AdWords accounts that provide a poor or harmful user experience, whether or not they use Google's trademarks illegally. That said, we can't guarantee that schemes like these won't pop up, like the proverbial ‘Whack-A-Mole', someplace else online - either on a different network or under a different name.

“We can solve only part of the problem - the rest is up to you. Just as you should be careful about giving out financial information in the real world, you should be sceptical and review any offers online before sending any information, and always be on guard when presented with an offer that seems too good to be true.”