David Kirkpatrick

March 3, 2010

Dirty ISPs better watch out

A new ranking system from the Oak Ridge National Laboratory and Indiana University will ferret out providers run by cybercriminals.

From the link (goes to Oak Ridge National Laboratory story tips for March 2010):

Cybercrime—Exposing hackers . . .

Unscrupulous Internet service providers will have no place to hide because of a ranking system conceived by researchers at Oak Ridge National Laboratory and Indiana University. “Criminal enterprises have created entire Internet service providers dedicated to sending spam, phishing messages or spreading viruses,” said Craig Shue of ORNL’s Computational Sciences and Engineering Division. While some have been caught by the Federal Trade Commission or other Internet service providers unwilling to do business with them, many are able to escape detection. “These other Internet service providers have customers whose machines become infected and can be used to launch attacks or steal the customer’s data,” Shue said. This work, which creates a ranking system Shue likened to grading systems for comparing school districts, is funded in part by the National Science Foundation and Indiana University.

May 22, 2009

Mobile phone virus research

Something to think about in terms of future threats to our increasingly electronic and computerized lives.

The release:

Viral epidemics poised to go mobile

Scientists predict mobile phone viruses will pose a serious threat

IMAGE: This image shows the different mechanisms of virus transmission between mobile phones.


If you own a computer, chances are you have experienced the aftermath of a nasty virus at some point. In contrast, there have been no major outbreaks of mobile phone viral infection, despite the fact that over 80 percent of Americans now use these devices. A team headed by Albert-Laszlo Barabasi, director of the Center for Complex Network Research at Northeastern University, set out to explain why this is true.

The researchers used calling and mobility data from over six million anonymous mobile phone users to create a comprehensive picture of the threat mobile phone viruses pose to users. The results of this study, published in the May 22 issue of Science, indicate that a highly fragmented market share has effectively hindered outbreaks thus far. Further, their work predicts that viruses will pose a serious threat once a single mobile operating system’s market share grows sufficiently large. This event may not be far off, given the 150 percent annual growth rate of smart phones.

“We haven’t had a problem so far because only phones with operating systems, so-called ‘smart phones’, are susceptible to viral infection,” explained Marta Gonzalez, one of the authors of the publication. “Once a single operating system becomes common, we could potentially see outbreaks of epidemic proportion because a mobile phone virus can spread by two mechanisms: a Bluetooth virus can infect all Bluetooth-activated phones in a 10-30 meter radius, while a Multimedia Messaging System (MMS) virus, like many computer viruses, spreads using the address book of the device. Not surprisingly, hybrid viruses, which can infect via both routes, pose the most significant danger.”

This study builds upon earlier research by the same group, which used mobile phone data to create a predictive model of human mobility patterns. The current work used this model to simulate Bluetooth virus infection scenarios, finding that Bluetooth viruses will eventually infect all susceptible handsets, but the rate is slow, being limited by human behavioral patterns. This characteristic suggests there should be sufficient time to deploy countermeasures such as antiviral software to prevent major Bluetooth outbreaks. In contrast, spread of MMS viruses is not restricted by human behavioral patterns; however, spread of these types of viruses is constrained because the number of susceptible devices is currently much smaller.

As our world becomes increasingly connected we face unprecedented challenges. Studies such as this one, categorized as computational social science, are necessary to understand group behavior and organization, assess potential threats, and develop solutions to the issues faced by our ever-changing society.

“This is what statistical analysis of complex systems is all about: finding patterns in nature,” said Gonzalez. “This research is vital because it puts a huge amount of data into the service of science.”

 


April 15, 2009

Conficker not done?

Filed under: Media, Technology — David Kirkpatrick @ 4:56 pm

Either the Conficker virus has some very nasty surprise in store sometime soon, or it’s been the biggest over-hyped flop to come along in a very long time. The media had people (casual users) frightened to even boot their computers on April 1.

I’m thinking a lot of the ongoing reports — such as security analysts announcing the creator of the computer virus changed the bug’s orders plan after so much publicity broke out — are just signs that “security analysts” don’t want to appear wrong. Very similar to political pundits who declared great truths and when those proclamations turn out to be horseshit simply move on to the next idea.

At any rate, I’ll add to the noise level by posting this press release from one of those experts.

The release:

Conficker Worm Expected to Influence Rise in Spam, Says Commtouch Trend Report

SUNNYVALE, Calif.–(BUSINESS WIRE)– Computers infected by the Conficker worm could cause a meaningful rise in spam levels for the next quarter, according to the Q1 2009 Internet Threat Trends Report by Commtouch(R) (Nasdaq:CTCH). The multiple variations of the worm have infected approximately 15 million computers around the world according to researchers.

Highlights from the Q1 trend report include:

  • Loan spam jumped to the top of the list of top spam topics, with 28% in the first quarter, possibly reflective of the global economic situation.
  • Users of social networking sites were targeted by new, more complex phishing attacks.
  • Computers/Technology sites and Search engines/Portals are among the top 10 Web site categories infected with malware and/or manipulated by phishing according to the Commtouch Data Center.
  • Brazil continues to lead in zombie computer activity, producing nearly 14% of active zombies for the quarter.
  • Spam levels averaged 72% of all email traffic throughout the quarter and peaked at 96% of all email messages in early January. It then bottomed out at 65% in February.
  • Spammers attacked large groups of an ISP’s users and moved to the next ISP in a targeted spam outbreak.
  • An average of 302,000 zombies were activated each day for the purpose of malicious activity.

“To block the flood of spam that the massive botnet created by the Conficker worm is capable of sending, new spam detection methods beyond traditional content filtering must be employed,” said Amir Lev, chief technology officer of Commtouch. “Detection based on analysis of patterns is the best tool to block massive spam attacks as these patterns will be created in seconds and the IP addresses of the infected computers will be tracked within minutes.”

Commtouch Recurrent Pattern Detection(TM) and GlobalView(TM) technologies identify and block messaging and Web security threats, including increasingly malicious malware and phishing outbreaks. More details, including samples and statistics, are available in the Commtouch Q1 2009 Internet Threats Trend Report, available from Commtouch Labs at: http://www.commtouch.com/download/1348.

NOTE: Reported global spam levels are based on Internet email traffic as measured from unfiltered data streams, not including internal corporate traffic. Therefore global spam levels will differ from the quantities reaching end user inboxes, due to several possible layers of filtering at the ISP level.

About Commtouch

Commtouch(R) (NASDAQ:CTCH) provides proven messaging and Web security technology to more than 100 security companies and service providers for integration into their solutions. Commtouch’s patented Recurrent Pattern Detection(TM) (RPD(TM)) and GlobalView(TM) technologies are founded on a unique cloud-based approach, and work together in a comprehensive feedback loop to protect effectively in all languages and formats. Commtouch technology automatically analyzes billions of Internet transactions in real-time in its global data centers to identify new threats as they are initiated, protecting email infrastructures and enabling safe, compliant browsing. The company’s expertise in building efficient, massive-scale security services has resulted in mitigating Internet threats for thousands of organizations and hundreds of millions of users in 190 countries. Commtouch was founded in 1991, is headquartered in Netanya, Israel, and has a subsidiary in Sunnyvale, Calif.

Stay abreast of the latest messaging and Web threat trends all quarter long at the Commtouch Cafe: http://blog.commtouch.com. For more information about enhancing security offerings with Commtouch technology, see http://www.commtouch.com or write info@commtouch.com.

Recurrent Pattern Detection, RPD, Zero-Hour and GlobalView are trademarks, and Commtouch is a registered trademark, of Commtouch Software Ltd. U.S. Patent No. 6,330,590 is owned by Commtouch.

 

 

Commtouch

<<Business Wire — 04/15/2009>>

No rush to monetize Twitter …

Filed under: Business, Media, Technology — David Kirkpatrick @ 2:06 pm

… according to co-founder Biz Stone. The buzz and profile are skyrocketing, but at some point that will max out. This should be an interesting rollout to keep your eyes on because at some point some serious money will change hands for an open API application that lets people send 140 characters at a pop. Think about that for a second and then realize there is no way to predict what will hit next in the online universe.

From the link:

“It’s not tough for us because we have a lot of money in the bank and patient investors [and a] patient board,” said Stone, adding that the company first wants to focus on growing the network, increasing its user base and adding new features to the site. “We want to focus on this before profit. If we focus on profit, then we take people away from focusing on features.”

Online pundits and bloggers have been closely eyeballing Twitter and criticizing the company’s lack of a business plan, doling out dire warnings about the future of the microblogging site unless it comes up with a viable strategy for making money sometime very soon.

A Wall Street Journal blog post written by Kara Swisher on Thursday is whipping up the rumor mill again.

About a week after rumors flew saying that Google Inc. was in talks to buy Twitter, Swisher’s post led to reports that Google and Microsoft Corp. are sparring to grab a piece of Twitter’s potential search advertising revenue.

In other Twitter news, hit this link for information about the Twitter worm and how to combat the virus.

Find me on Twitter at http://twitter.com/davidkonline.

April 1, 2009

Conficker bust?

Filed under: Business, Technology — David Kirkpatrick @ 3:08 pm

The end of the internet as we know it? Not so much. Maybe the black hats responsible for the worm got cold feet after Microsoft put a quarter million dollar bounty on their head.

From the link:

Malicious software installed on millions of computers has yet to wreak havoc on technology systems worldwide as some fear, but researchers warned that the “Conficker worm” could still strike in the future.

Also known as Downadup or Kido, Conficker turns infected PCs into slaves that respond to commands sent from a remote server that effectively controls an army of slave computers.

Researchers feared that the network created by Conficker might be deployed on Wednesday for the first time since the worm surfaced last year because its code suggested it would seek to communicate with its master server on April 1.

They formed an industry-wide task force to fight the worm, bringing widespread attention that experts said probably scared off the criminals who command the army of slave computers, known as a botnet.

“The Conficker-infected machines attempted to call home to get new commands from their master but those calls went unanswered,” said Joris Evers, spokesman for security software maker McAfee Inc.

March 31, 2009

Worried about Conficker?

Filed under: et.al., Technology — David Kirkpatrick @ 1:29 pm

Here’s a page full of information.

March 27, 2009

Watch out for FileFix Pro 2009

Filed under: Business, et.al., Media, Technology — David Kirkpatrick @ 5:16 pm

This is a new, and disturbing, twist on malware/virus attacks. It’s an encryption trojan horse that extorts money from you to decrypt the files (.doc, .pdf, etc.) in your My Documents folder.

If you have a problem with FileFix Pro 2009 do keep in mind there are no-cost fixes (read: file decrypters) out there so don’t send these cybercriminals any money.

If you need a fix, here are options from the link:

Users who have fallen for the FileFix Pro 2009 con do not have to fork over cash to restore their files, according to other researchers, who have figured out how to decrypt the data. The Bleeping Computer site, for instance, has a free program called “Anti FileFix” available for download that unscrambles files corrupted by the Trojan. And security company FireEye Inc. has created a free online decrypter that also returns files to their original condition.

Also from the link:

The new scam takes a different tack: It uses a Trojan horse that’s seeded by tricking users into running a file that poses as something legitimate like a software update. Once on the victim’s PC, the Trojan swings into action, encrypting a wide variety of document types — ranging from Microsoft Word .doc files to Adobe Reader .pdf documents — anytime one’s opened. It also scrambles the files in Windows’ “My Documents” folder.

When a user tries to open one of the encrypted files, an alert pops up saying that a utility called FileFix Pro 2009 will unscramble the data. The message poses as a semi-official notice from the operating system: “Windows detected that some of your MS Office and media files are corrupted. Click here to download and install recommended file repair application,” the message reads.

Clicking on the alert downloads and installs FileFix Pro, but the utility is anything but legit. It will decrypt only one of the corrupted files for free, then demands the user purchase the software. Price? $50.