Tuesday, 12 February 2008

SPAMfighter News - 7 new articles

 


  1. Three Found Guilty for Spamming
  2. Small Antivirus Companies Snowed Down by Malware Attacks
  3. Malware Enters School Computer Network
  4. New Code Demonstrates Exploitation of Critical Windows Flaw
  5. Mortgage Spam Surges as Interest Rates Lowered
  6. New Mega-D botnet supersedes Storm
  7. BitDefender Report Discusses Some Top Malware for January 2008

Three Found Guilty for Spamming

US Attorney Benton J. Campbell of the Eastern District of New York and Assistant Attorney General Alice S. Fisher of the Criminal Division announced on January 30, 2008 that three defendants were found guilty of federal charges for running an "advance-fee" fraud scheme that duped US victims with false promises of large sums of money, including money from a lottery and an estate, as published by SunHerald on January 30, 2008.

According to the Department of Justice (DOJ), the three accused sent spam e-mails claiming to come from a terminally ill throat cancer patient who needed assistance to donate around US$55 Million to charity.

Of the three who were arrested, two are from Nigeria and the third is from Senegal. The DOJ stated in a press release that the three accused sent spam e-mails to thousands of victims. In those e-mails, they claimed to have large sums of money held abroad. The DOJ also said that scam victims lost around $1.20 Million by paying fees in advance.

The guilty were held in the US District Court for New York's Eastern District. The names of the accused were Chizuba, Nnamdi, and Anisiobi, of Nigeria, aged 31 years, also known as Yellowman, Michael Anderson, Nancy White, Edmund Walter, Abdul Rahman, Namo, and Jiggaman. Another convict was Anthony Friday Ehis, alias Toni N. Amokwu, John J. Smith and Mr. T, aged 34, from Senegal. Kesandu Egwuonwu, the third, is aged 35, is from Nigeria, and used fake names like David Mark, Joey Martin Maxwell, Helmut Schkinger and KeKe. Also, Anisiobi pleaded guilty to one count of conspiracy, one of mail fraud and eight counts of wire fraud.

The investigation of the three accused was initiated by the Dutch law enforcement authorities. The Dutch authorities identified the victims in the US and soon notified the US Postal Inspection Service of the illegal acts. From there on, the Postal Inspection Service ran its own investigation and charged the accused. The defendants were arrested in Amsterdam on February 21, 2006, and were then extradited to the US.



Small Antivirus Companies Snowed Down by Malware Attacks

Alex Eckelberry, Chief Executive and President of the antivirus company Sunbelt Software, said in a blog on January 24, 2008 that the enormous quantity of malware in circulation is giving small antivirus companies a tough time. The statement was published by zdnetasia.com on January 28, 2008.

Eckelberry added that because the programmers designing the malware are exceptionally good, a small enterprise working with a small team on an anti-spyware or antivirus product cannot keep up. It is impossible for a smaller team to win against malware attacks; a big task force is needed to fight the battle.

Eckelberry gave an account of unique malware samples along with their variants. The number of malware samples and variants rose to 5,490,960 in 2007 from a small figure of 564 in 1986. At the beginning of 2006, unique malware samples numbered under a million, but the figure quintupled by the later part of 2007. Eckelberry added that some samples are varieties of the same piece of malware.

The rise in malware has caused a huge profit margin. For example, a Trojan is amended and altered repeatedly to create another one that tricks anti-malware software. This practice is becoming a huge burden for security professionals working at smaller security firms.

Eckelberry said that they are handling gigabytes of malicious samples on a regular basis. Although he confirmed that their automated anti-malware systems, such as Sandbox, help a lot, he also agreed that manpower plays a significant role in overcoming the problem.

Mikko Hypponen, Chief Research Officer for antivirus company F-Secure, also agreed that the volume of malware attacks is increasing, as reported by zdnetasia.com on January 28, 2008. Hypponen said that the amount of malware has grown enormously and that they are receiving around 17,000 malware samples every day. He agreed that it will become tougher for smaller security companies to control this flood of malware unless they become smarter.



Malware Enters School Computer Network

In the last week of January 2008, the computer network of Janesville School District was affected by a malicious computer program. Malware entered the computer network, but no loss of information or data was reported.

Doug Bunton, the Director of Business Services, said, as reported by gazettextra.com on January 28, 2008, that although data belonging to the district was not lost in the malware intrusion, data belonging to individuals may have been lost in the form of files on which they were working when their machines shut down. He said that the district's network is linked to around 3,500 computers.

The malware is programmed so that it not only loads unwanted programs on a computer in order to access personal information, but also breaches security controls. Bunton added that the malware, which is known as "data packet", cannot be classified as a virus as it does not replicate itself. The malware functions by locking up all the computers linked to the district network. Sometimes it also shuts down the system, restarts it, or flashes false error messages.

Bunton said that the firewall integrated into the district's computers always tries to stop such attacks, but sometimes the firewall fails to detect a piece of malware, and at that point the "data packet" makes use of a flaw in the Microsoft Windows operating system.

However, the "data packet" is a very poorly designed malware which has been designed to cause chaos. As the malware is made up of a small component, it can hide itself anywhere in the registry and can re-install itself after it has been removed.

The new manager of the district's information systems, Brandon Keirns, commented in a statement published by gazettextra.com on January 28, 2008 that the malware can enter a computer through an e-mail or through a website while something is being downloaded. Keirns agreed that the malware entered and spread throughout the district, but it didn't harm all computers.

Keirns said that Microsoft has installed a "fix" to put an end to the "data packet". He continued that as malware is increasing in volume, protection from these viruses has now become the chief concern.



New Code Demonstrates Exploitation of Critical Windows Flaw

The computer security company Immunity Inc. posted, on January 29, 2008, a Flash video to demonstrate how a proof of concept exploit takes advantage of the IGMPv3 networking protocol vulnerability described in Microsoft Security Bulletin MS08-001.

Chief Technology Officer Dave Aitel of Immunity said that the movie shows the exploit attacking a local subnetwork populated by two systems running Windows XP SP2 with the firewall activated. InformationWeek published Aitel's statement on January 30, 2008.

The MS08-001 Security Bulletin presents a patch for the flaw. The bulletin was updated during the week from January 21 to January 27, 2008 to correctly explain the impact of the Windows Kernel MLDv2 and TCP/IP/IGMPv3 flaws on supported versions of Windows Home Server and Windows Small Business Server 2003.

The update corrects the severity of the flaw on both platforms, rating it "critical". Organizations that haven't implemented the patch are urged to take action.

Previously, Dave Aitel had described the Internet Group Management Protocol (IGMP) flaw as this year's potential blockbuster. In a thorough discussion of the vulnerability and its exploitation, Symantec also acknowledged that hackers would be richly rewarded, even though copying Immunity's work could prove tough.

The security company indicated that it is quite difficult to exploit a remote flaw in the Windows kernel. Still, exploits that successfully leverage such flaws have been publicly released. Immunity's exploit code now allows execution of arbitrary code in the Windows kernel.

On January 8, 2008, when Microsoft published its MS08-001 bulletin, it also rated the IGMP vulnerability as having "critical" impact on Windows Vista, Windows XP SP2, Windows Home Server and Windows Small Business Server.

The flaw is particularly critical for Vista because of its highly effective kernel security tools. A local end-user, even an administrator, may find it difficult to inject unauthorized code into the Vista kernel; in the current case, however, this is possible from a remote location without requiring any authentication.

The vulnerability not only allows arbitrary code execution but also permits installation of rootkits, backdoors and the like, which is normally difficult with a standard remote user vulnerability.



Mortgage Spam Surges as Interest Rates Lowered

Spam promoting mortgage refinancing spiked to 10% of total spam during the third week of January 2008, around the time the US Federal Reserve cut interest rates, according to recent research by Commtouch, an antivirus vendor. Businesswire published this on January 30, 2008.

Finance-related spam is always a preferred subject for its creators, even during periods of high interest rates. Following the Federal Reserve's announcement of reduced interest rates during January 21-27, 2008, refinancing has become accessible to millions of mortgage holders in the US.

Spammers are distributing their messages with different kinds of mortgage-themed subjects, like "save over 50% on your monthly mortgage payments by refinancing", "breaking mortgage news - Fed drops rates to 4.5%", and "30 seconds could save you money on your mortgage".

A number of these messages even try to tell the recipient that he has been chosen to get a loan by stating that his mortgage application has been accepted. The e-mails use crude tricks to persuade recipients to follow links and furnish information through a related form. Credulous recipients might believe that a loan is being offered to them.

The large flow of mortgage refinance spam has an undesirable side effect: legitimate e-mails are obstructed, which are called false positives. Electronic correspondence between financial companies or banks and their clients might be blocked or delayed by over-zealous anti-spam products that have trouble differentiating between genuine mortgage-themed e-mail and the abundant finance-related spam.

Amir Lev, Chief Technology Officer for Commtouch, said that as market conditions have turned favorable for homeowners who want to refinance their property mortgages, online criminals are exploiting this development by disseminating more mortgage-related spam. Businesswire published Lev's statement on January 30, 2008.

Researchers at Commtouch thus advise loan providers and their clients to be especially cautious, as some text-based e-mail blocking tools deployed on the systems of banks and clients might filter legitimate messages, breaking the communication link.

During Q4 2007, finance-based spam comprised 2% of the total number of unsolicited e-mails. The current interest rate adjustments have created an appropriate atmosphere for distributing financial spam.



New Mega-D botnet supersedes Storm

A newly emerging botnet that spams promotion campaigns for sexual enhancement drugs for men has overtaken the notorious Storm botnet to become the world's single largest source of spam, warned security vendor Marshal. SCMagazine published this on February 1, 2008.

Bradley Anstis, Vice President of Products at Marshal, said that the threat is a blended attack in which e-mail recipients are tricked into loading Mega-D. The e-mails also use breaking news headlines as bait to lure victims into viewing the spam mail, a technique similar to the Storm-laced spam. The recent news of the sudden death of Heath Ledger, the renowned Australian actor, has also been exploited, said Anstis. SCMagazine published this.

According to Marshal's security researchers, the spread of Mega-D infection probably started in September 2007 and has been steadily increasing. It is also possible that the people responsible for the Storm botnet created some of the newer botnets as well.

The latest spam campaign extensively promotes many pharmaceutical products like Express Herbals, Herbal King, and VPXL. Known as Mega-D, the botnet accounts for 32% of total spam, 11% up from the peak level of 21% of the Storm botnet recorded in September 2007.

Botnet herders seem to be making use of lessons from criticisms of Storm. While the Storm botnet attracted a lot of media attention, the Mega-D operators are better placed to add more bots to their network because of their low publicity.

Mega-D is expanding fast through regions like North America and Asia, imitating the proliferation of the Storm botnet, which is characterized by high broadband penetration and low anti-virus protection.

Also, like the Storm botnet, controllers of Mega-D are employing Trojans that change regularly to avoid detection by signature-based solutions and that work with Peer-to-Peer (P2P) sharing so that the botnet never shuts down.

The Mega-D Trojan also switches itself off when it finds itself in a virtualized environment, which anti-virus vendors generally use to analyze spam.

In related news, BitDefender, another security vendor, reported detecting intensive promotion of the same VPXL drug in its top ten threat list for January 2008, released on February 1, 2008.



BitDefender Report Discusses Some Top Malware for January 2008

BitDefender, the anti-virus solutions company, has detected malware that targets computers running un-patched Windows XP and that was the top threat in January 2008. Named Exploit.Win32.WMF-PFV, the malicious software had a prevalence of as much as 9% during the period.

On January 5, 2008, Microsoft released the MS06-001 patch to plug security holes in the Windows Graphics Rendering Engine. The malicious code in question mostly affects pirated editions of Windows that cannot be updated.

Sorin Dudea, Head of AV Research at BitDefender, said that there might be numerous un-patched copies of Windows existing on the Web, generally pirated ones that do not download security patches in order to avoid dealing with activation. Therefore, the exploit continues to be popular among virus authors. Allheadlinenews published this on January 31, 2008.

The mass mailer Netsky.P was the second most prevalent malware, proving its amazing power of survival. However, with respect to overall prevalence, it is at a far lower level of 4.35% compared to its peak of 30% during the months following its first outbreak. Remaining variants of this virus occupied lower positions in the top ten list.

One other notable piece of malicious code is a program that restores activation keys of Windows XP. Appearing in third position and named Spyware.Pws.A by AV researchers at BitDefender, this malware is incorporated into many of the worms and viruses currently in distribution.

The trend towards distribution of stealthier and more diverse malware continues, as is evident from the month's top ten malware accounting for just 27% of all viruses discovered by BitDefender.

According to BitDefender Antispam Lab's report, image-based spam fell to nearly 4% of total spam, while its variety has grown. Stock spam has also declined from 20% of all spam in December 2007 to a far lower level of 3% in January 2008.

Also, according to Andra Miloiu, spam analyst for BitDefender, a greater part of January spam comprised unique or nearly unique e-mails, increasing the demand for even more sophisticated anti-spam filters. Marketwire published Miloiu's statement on January 31, 2008.




