Though botnets have caused a large volume of junk email in recent months, security researchers are more alarmed at the rise in their level of sophistication, warning that targeted phishing attacks are making their way into corporate email servers. "They've reached a level of sophistication that we usually associate with commercial grade products," said Mark Sunner, chief security analyst at MessageLabs in New York. "We've seen the activity change and now botnets are spammed out in discrete chunks." In November, the global amount of spam in email traffic grew to nearly 90% of all global email traffic, according to statistics kept by MessageLabs. And that percentage is expected to hold in December. In addition, the vendor reported that 1 in 200 emails contained some type of phishing attack. MessageLabs said more than 68% of all malicious emails intercepted recently have been phishing attacks, a steady increase over the previous months.
As I discussed several weeks ago, everyone's seen that there has been a massive surge in spam over the last couple of months. More researchers are weighing in on what's behind it. One point many sources make, and I made in my last column, is that there was a "Christmas Spike" last year too. Spam shot up roughly from November 2005 through January 2006 and then tailed off until the late '06 surge, yielding a bowl-shaped curve for the year.
Source: Net-Security.org - LogError - Posted by Benjamin D. Thomas
Whether you enjoy the hustle and bustle of shopping in stores or prefer the flexibility and convenience of online shopping, be careful to not give the gift of your personal information to an identity thief.
Sometimes I hear a story that is simply breathtaking in its stupidity and potential for disaster. For your delectation, horror, and amazement, here is one relayed to me by a good friend a few days ago. He's living in a European country that shall remain unnamed; in addition, the names and some details have been changed to protect the guilty (and the very dumb). It was transmitted to me via Skype, so I've also cleaned up the spelling and punctuation common to IM conversations so that it's more readable.
A new report from e-mail vendor Postini indicates that spam -- or unsolicited commercial e-mail -- is worse than it has ever been. According to the San Carlos, California-based firm, the percentage of spam grew by 59 percent among the 70 billion e-mails that Postini processed from September to November alone, bringing the level of junk e-mail to a striking 91 percent of all e-mails sent. According to Postini, total levels of spam have risen by 120 percent in the last year. And, just as bad, spam is growing more complex.
Criminal gangs using hijacked computers are behind a surge in unwanted e-mails peddling sex, drugs and stock tips. The number of "spam" messages has tripled since June and now accounts for as many as nine out of 10 e-mails sent worldwide, according to U.S. email security company Postini. As Christmas approaches, the daily trawl through in-boxes clogged with offers of fake Viagra, loans and sex aids is tipped to take even longer. "E-mail systems are overloaded or melting down trying to keep up with all the spam," said Dan Druker, a vice president at Postini.
As I mentioned in my DEFCON highlights article back in September, I learned about a group called kaos.theory who discussed an anonymity tool called SAMAEL (Secure, Anonymizing, Megalomaniacal, Autonomous, Encrypting Linux). I haven’t seen this tool being made available yet, so I decided to take a look at their first offering: Anonym.OS, a LiveCD built on OpenBSD that allows you to utilize the Tor network, along with Privoxy, to surf the Internet anonymously. To start, I thought it might be useful to understand what the two underlying tools were all about before I jumped into Anonym.OS.
The Tor network is an intriguing concept: build a bunch of servers around the Internet to route traffic through so that your connections can’t be traced. Why would you want to do that? Well, for several reasons, like you don’t want your web activity being traced by marketing people or spammers so they can come back and get you later. The really cool thing about Tor is that it’s not a hosted service; it’s a free toolset so that people can set up their own to help support the project and share their bandwidth.
When people read out a phone number, they use "phone rhythm." No one has to explain "phone rhythm," we all just seem to do it automatically, "…713...555...12…34". Similarly, when we answer a phone call we all say, "Hello." No one taught us to do that, but somehow we all seemed to pick it up. So why is it that when it comes to emails, there are no accepted standards? Even though 6 billion emails are sent every day, almost no one agrees about simple things like email etiquette, how to organize a note, or whether emails are considered private or not. The 99 tips in this article make up the best in email practices. From how to ethically use the 'BCC:' to what attachments will make your mobile emailing compatible with everyone else's, this list covers everything you need to know about emailing.
We have all three hours of the audio for the recent "Privacy is Dead" talk available at the HOPE Number Six site. You can either stream it or download it, just like all the other HOPE talks.
In an earlier analysis, we revealed a botnet created by a trojan sometimes called SpamThru. By working with the anti-spam group SpamHaus and the ISP, we were able to receive access to files from the SpamThru control server. We have analyzed the files, and in this report we will look at some of the statistics and interesting finds. SpamThru operates in a limited peer-to-peer capacity, but all bots report to a central control server. The bots are segmented into different server ports, determined by which variant of the trojan is installed. The bots are further segmented into peer groups of no more than 512 bots, keeping the overhead involved in exchanging information about other peers to a minimum. In the following graph, the total count as recorded by the control server is shown for each control port.