Welcome to the Proxy Update, your source of news and information on Proxies and their role in network security.

Monday, April 26, 2010

Malicious Attempt to Violate Users Through Search Engine Optimisation Strategies

From: http://www.seoconsult.co.uk/SEO-News/seo/malicious-attempt-to-violate-users-through-search-engine-optimisation-strategies.html

It is common knowledge in the search engine optimisation marketplace that Google’s algorithms are never exactly known, so we can only use our own knowledge to bring a website to the top for its main key terms. We use this knowledge in the best interests of our clients to get their keywords ranked on the top page.

Unfortunately, this knowledge can also be used for malicious attacks. According to research carried out by the internet protection firm Zscaler, computer hackers are abusing search engine optimization (SEO) techniques to promote spiteful links on Google.

Zscaler looked into the top search phrases from Google Trends, and found there were up to 86 malicious links showing in the top 100 search results for some terms. In rival search engines such as Bing and Yahoo, the malicious links were generally limited to 10 or fewer.

Zscaler attributes this to the pace at which Google adds new links to its database, which is faster than other search engines. Zscaler also suggests that attackers adapt their pages to target Google, which results in additional pages being posted. Zscaler urges Google to “step up to the new security threats.”

This could have detrimental effects on the industry of search engine optimisation specialists, as they will now be doing everything they can to avoid these malicious attacks without jeopardising their clients’ top page rankings. It begs the question: should Google be constantly changing its algorithms in order to stay one step ahead of the spammers and viral linkers out there?

Sunday, April 25, 2010

1.5 million Facebook IDs Up for Sale

From: http://www.networkworld.com/news/2010/042310-15-million-stolen-facebook-ids.html

A hacker named Kirllos has a rare deal for anyone who wants to spam, steal or scam on Facebook: an unprecedented number of user accounts offered at rock-bottom prices.

Researchers at VeriSign's iDefense group recently spotted Kirllos selling Facebook user names and passwords in an underground hacker forum, but what really caught their attention was the volume of credentials he had for sale: 1.5 million accounts.

iDefense doesn't know if Kirllos' accounts are legitimate, and Facebook didn't respond to messages Thursday seeking comment. If they are legitimate, he has the account information of about one in every 300 Facebook users. His asking price varies from $25 to $45 per 1,000 accounts, depending on the number of contacts each user has.

To date, Kirllos seems to have sold close to 700,000 accounts, according to VeriSign Director of Cyber Intelligence Rick Howard.

Hackers have been selling stolen social-networking credentials for a while -- VeriSign has seen a brisk trade in names and passwords for Russia's VKontakte, for example. But now the trend is to go after global targets such as Facebook, Howard said.

Facebook has more than 400 million users worldwide, many of whom fall victim to scams each day. In one such scam, criminals send out messages from a compromised account, telling friends that the account's owner is trapped in a foreign country and needs money to get home.

In another, they send Web links that lead to malicious software, telling friends that it's a hilarious or sensationalistic video.

"People will follow it because they believe it was a friend that told them to go to this link," said Randy Abrams, director of technical education with security vendor Eset. Once the malware gets installed, criminals can steal more passwords, break into bank accounts, or simply use the computers to send spam or launch distributed denial of service attacks. "There's just a plethora of things that people can do if they can trick people into installing their software," he said.

Kirllos' Facebook prices are extremely cheap compared to what others are charging. In its most recent Internet Security Threat Report, Symantec found that e-mail usernames and passwords typically went for between $1 and $20 per account -- Kirllos wants as little as $0.025 per Facebook account. More coveted credit card or bank account details can go for much more, ranging from $0.85 to $30 for credit card numbers to $15 to $850 for top-quality online bank accounts.

Friday, April 23, 2010

Flawed McAfee update paralyzes corporate PCs

Ed. Note: Not proxy related, but definitely in the security realm.

From: https://www.networkworld.com/news/2010/042110-flawed-mcafee-update-paralyzes-corporate.html?t51hb

A flawed McAfee antivirus update sent enterprise administrators scrambling today as the new signatures quarantined a crucial Windows system file, crippling an unknown number of Windows XP computers, according to messages on the company's support forum.

The forum has since gone offline.

McAfee confirmed it had pushed the faulty update to users earlier today. "McAfee is aware that a number of customers have incurred a false positive error due to incorrect malware alerts on Wednesday, April 21," said company spokesman Joris Evers in an e-mail reply to questions. "The problem occurs with the 5958 virus definition file (DAT) that was released on April 21 at 2:00 P.M. GMT+1 (6:00 A.M. Pacific)."

According to users on McAfee's support forum, today's update flagged Windows' "svchost.exe" file, a generic host process for services that run from other DLLs (dynamic link libraries).

"HOW THE F*** do they put a DAT out that kills a *VITAL* system process?" asked Jeff Gerard on one thread. "This is goddamn ridiculous," added Gerard, who identified himself as a senior security administrator with Wawanesa Mutual Insurance Company of Winnipeg, Manitoba, in Canada. "Great work McAfee! GRRRRRRRRRRR."

As of 3:30 p.m. ET, McAfee's support forum was offline, with a message reading "The McAfee Community is experiencing unusually large traffic which may cause slow page loads. We apologize for any inconvenience this may cause."

Both users and McAfee said that the flawed update had crippled Windows XP Service Pack 3 (SP3) machines, but not PCs running Vista or Windows 7. "Our initial investigation indicates that the error can result in moderate to significant performance issues on systems running Windows XP Service Pack 3," acknowledged Evers.

Affected PCs have displayed a shutdown error or blue error screen, then gone into an endless cycle of rebooting, users claimed.

McAfee reacted by warning users not to download today's update if they haven't already, and by posting recovery instructions and a signature update to suppress the defective one seeded to users earlier. "Apply the EXTRA.DAT to all potentially affected systems as soon as possible," the company recommended. "For systems that have already encountered this issue, start the computer in Safe Mode and apply the EXTRA.DAT. After applying the EXTRA.DAT, restore the affected files from Quarantine." Unfortunately, those instructions and the suppression EXTRA.DAT update file are not currently available, again because McAfee's support site has gone dark.

Instead, users can reach the instructions and EXTRA.DAT file from elsewhere on McAfee's site.

"The faulty update has been removed from McAfee download servers for corporate users, preventing any further impact on those customers," Evers said. "We are not aware of significant impact on consumer customers and believe we have significantly limited such occurrence."

The company has yet to produce an updated signature definition file to replace the one that crippled computers. McAfee is far from the first antivirus vendor to ship a flawed signature update. A month ago, a BitDefender update clobbered 64-bit Windows machines. In 2005, Trend Micro released a flawed signature update that slowed PCs to a crawl. In May 2007, a Symantec definition file crippled thousands of Chinese computers when the software mistook two critical Windows .dll files for malware.

McAfee is working on helping customers affected by the rogue update, said Evers. "McAfee apologizes for any inconvenience to our customers," he added.

Monday, April 19, 2010

Google says: our site is used "as an intermediary for the infection of 13 site(s)"

Google regularly runs security scans of the websites it indexes. Google SafeBrowsing, the service Google uses to report whether a domain is malicious or is used to redirect to a malicious site, shows the results for a given URL with the following query:

http://www.google.com/safebrowsing/diagnostic?site=.

Until very recently, the Google SafeBrowsing status for google.com was not showing any potential threat. Now, it is showing that "google.com appeared to function as an intermediary for the infection of 13 site(s)".

Is it true that attackers are using Google to redirect users to a fake antivirus page in order to social engineer victims into installing malware? The status actually goes further by saying that google.com hosted malware:


Has this site hosted malware?

Yes, this site has hosted malicious software over the past 90 days. It infected 41 domain(s), including sangalonews.com/, ro777.com/, aviris.com.ua/.


How long will it take before Google blacklists itself?

Friday, April 9, 2010

Compromised Ad Networks Spreading Malware

Blue Coat labs is alerting users that its WebPulse™ network has detected that several major ad-serving networks appear to have been tricked into including ads from a malicious or compromised "partner" site, daniton.com, that is including malicious JavaScript along with some of its banner ads. The JavaScript decrypts itself to inject a hidden iFrame into the host page, which quietly downloads exploit code in the background, including malicious PDF files that exploit vulnerabilities in unpatched versions of Adobe Acrobat Reader. Blue Coat WebFilter customers are protected from this attack, as WebFilter is blocking the malicious ad server, and the exploit servers referenced by the injected iFrames.

Monday, April 5, 2010

Infonetics Predicts SaaS Revenues To Grow

From: http://www.rfpconnect.com/news/2010/3/31/infonetics-predicts-saas-revenues-to-grow

Infonetics Research released the first edition of its 2010 biannual Managed Security Services and SaaS market size and forecast report.

SECURITY SERVICES MARKET HIGHLIGHTS

- Managed security service revenue totaled $9.4 billion in 2009, up 12% from 2008
- Service provider managed firewalls continue to be the bread and butter services among CPE-based security services
- Worldwide revenue derived from security services delivered via SaaS grew 70% in 2009, fueled primarily by demand for content security services (e.g., Web, e-mail, and anti-virus security)
- SaaS revenue is forecast to grow from 10% of total security service revenue in 2009 to 22% in 2014, with cloud-based and CPE-based security services making up the balance
- While large organizations currently represent the largest revenue opportunity for service providers offering managed security services, medium and small organizations are spending money on security services at a faster pace
- North America accounts for 41% of worldwide managed security service revenue in 2009

REPORT SYNOPSIS

Infonetics' Managed Security Services and SaaS report provides market size, forecasts through 2014, and analysis for managed security services by technology (managed firewalls, content security, IDS/IPS, other), service type (CPE, cloud, SaaS), and organization size.

Companies tracked in the report include major telecom service providers (AT&T, T-Systems, China Telecom, etc.), large hosting and Internet content providers offering security services (Google, etc.), specialized security service providers (Virtela, SecureWorks, etc.), and security SaaS vendors (Cisco/ScanSafe, Symantec, McAfee, zScaler, Barracuda/Purewire, Trend Micro, Websense, etc.).

The report includes market drivers, service roadmaps, relevant survey data, and service provider analysis. Regions include North America (with US and Canada breakouts), EMEA, Asia Pacific, and Central and Latin America.

Infonetics' 2009 managed security services revenue forecast ($9.5 billion), made a year ago, was within 1% of actual revenue ($9.4 billion).

"Despite the global economic meltdown that started in mid-2008, the security services market is strong and growing. The primary market drivers for security services include increasing global demand from organizations of all sizes due to the proliferation of security threats of all types; the complexity of current security solutions; widespread use of diverse devices; and the desire of product manufacturers and service providers to add recurring revenue and improve margins. Strong interest in and broad availability of software-as-a-service (SaaS) security offerings will help drive strong growth in the overall managed security services market over the next 5 years," notes Jeff Wilson, principal analyst for security at Infonetics Research.

Sunday, April 4, 2010

Blue Coat stresses need to combat social engineering

From: http://www.securecomputing.net.au/News/170978,blue-coat-stresses-need-to-combat-social-engineering.aspx


User awareness must supplement protections, says firm.

Administrators and security vendors must step up efforts to prevent social engineering attacks in the enterprise, according to security vendor Blue Coat Systems.

The company said in its annual security report that in addition to swifter analysis and protection, end-users need to be made aware of the practices commonly used to trick them into installing malware and releasing sensitive data.

Blue Coat cited increasingly popular trends such as search engine optimisation (SEO) and more sophisticated and targeted attacks in saying that companies need to make employees more aware rather than depending strictly on new security tools and appliances.

"The increasing use of link farms to manipulate search engine results and prey on the trust users have in their internet experience drove many of the malware exploits we saw in 2009 and are continuing to see in 2010," said Blue Coat senior malware researcher Chris Larsen.

"To provide comprehensive protection in the face of these threats, enterprises need not only a layered defence but also better user education."

The increased need for user awareness also comes as users are increasingly relying on social networking platforms that are fertile grounds for social engineering.

Blue Coat said that social networking was the most common activity among users and that messaging over those platforms was beginning to replace some of the traffic on webmail services.

Because users are more apt to trust friends and acquaintances on networking sites, attacks from compromised accounts of hosted applications can be extremely successful for cybercrooks. Services such as Twitter and Facebook have been particularly popular targets.

Saturday, April 3, 2010

Malware lifespan continues to shorten

From: http://www.infosecurity-us.com/view/8446/malware-lifespan-continues-to-shorten-says-blue-coat/


Malware adaptation rates are getting faster, according to a report from Blue Coat Systems. The average lifespan of malware dropped to two hours last year, from up to seven hours in 2007, it said, adding that this has had a significant effect on the effectiveness of software patches.

The Blue Coat Web Security Report 2009 said that malware is becoming more volatile on two fronts. First, multiple variations of the same malware threat are developed to circumvent antivirus scanners. Second, malware tends to move around quickly, so the URL filtering tools cannot block it indefinitely.

"In many instances, malware moves in as little as two hours because once a Web filtering solution identifies a URL as a malware host location, it doesn't matter if the code is updated," the report said.

That said, Blue Coat also reported a significant role for older malware. Although new malware made the headlines in 2009, such as Conficker and Gumblar, several existing threats including Netsky and MyDoom were far more prevalent, the company said.

Other discoveries included the fact that online storage and software download sites were the most frequent hiding places for web-based malware last year. The number of online storage sites grew over 200% in 2009 compared to 2008, the company said, making them a perfect deployment vector for malicious software.

The number of data collection sites and drop zones designed to harvest information from malware increased fivefold in 2009, which was largely down to redundancy in the drop zone infrastructure, according to the report. "This increases the likelihood that one or more of the URLs will remain undiscovered long enough for cyber criminals to retrieve stolen information," Blue Coat said.

Friday, April 2, 2010

Sophos Explains SEO Poisoning

From: Graham Cluley's Blog at Sophos


We've talked many times on this blog about how hackers exploit hot trending news stories using blackhat search engine optimisation (SEO) techniques to poison search engine results. Often this is with the intention of spreading scareware (also known as fake anti-virus attacks).

In fact, SEO poisoning is one of the major methods of attack that we are seeing being used by online criminals at the moment.

Fraser and Onur in our [Sophos] labs have written an excellent technical paper (PDF) which discusses the problem, and lifts the lid on how the bad guys are using automated kits to do their dirty work for them.

Download the "Poisoned search results: How hackers have automated search engine poisoning attacks to distribute malware" technical paper. It's a great read. Check it out now.

Thursday, April 1, 2010

Attacks Exploit Growing Use of Social Media

From: http://www.thenewnewinternet.com/2010/03/30/attacks-exploit-growing-use-of-social-media


Attacks perpetrated by cyber criminals are exploiting the growing reliance on social media by Internet users, according to a report released today by Blue Coat. As more Internet users shift to social media, the bad guys have moved along with them, seeking to leverage the new technologies to conduct malware attacks.

Blue Coat has extensive cloud systems offerings and has put together the “Blue Coat Web Security Report for 2009” which focuses not on anti-virus effectiveness but rather examines web behavior. Blue Coat provides URL monitoring, which Bob Hansmann, senior product marketing manager at Blue Coat Systems, says can help to protect customers from zero day exploits often missed by traditional anti-virus software.

“We’re securing those customers when a zero day [exploit] comes out,” he said.

The report found that social networking sites accounted for one quarter of all Web access activity in 2009. Over the previous year, social networking use skyrocketed 500 percent, according to the report.

The major driver behind cyber crime was possible financial gain, with attacks being “more adaptive to where and how users were using the Web at any given moment.”

According to Hansmann, a number of new technologies appeared in 2009. “Cyber criminals were the first to start using it,” he said.

Fake anti-virus programs topped the list of successful malware campaigns. Recently, Facebook experienced a fake anti-virus program that spreads itself by tagging “Friends” in a photo of the product.

Throughout 2009, social networking sites like Facebook, Twitter and MySpace experienced cyber attack campaigns, commonly using phishing tactics. One of the principal problems with social networking sites is that typical “indicators” of a phishing attack do not apply. It is common to see misspellings and other grammatical errors on social networking sites that are not tolerated in emails.

The method to combat the growing attempts by criminals to leverage social media is education. People are the first line of defense against malware attacks, and following simple practices such as “be careful what you click on” can make a world of difference, according to Hansmann.

In 2010, Blue Coat predicts that Web threats will continue to increase, social media technologies will be more vulnerable to attacks, email will not be used as often to distribute malware, malware distributors will continue to utilize hot topics to point unsuspecting users to infected websites, and remote workers will be the most exposed to threats.