
Friday, September 10, 2010
A booby-trapped e-mail that promises free sex movies is racking up victims around the world, warn security firms. Some variants of the Windows worm contain a link to a PDF that a recipient has been told to expect. Those clicking on the link get neither movies nor documents but give the malware access to their entire Outlook address book. When installed, the worm sends copies of itself to every e-mail address it can find.
The malicious e-mail messages have a subject line saying "Here you have" and contain a weblink that looks like it connects to a PDF document. Instead it actually links to a website hosting the malware.
(Source: BBC)

Thursday, June 17, 2010
Experts from nearly 40 countries gathered in the Estonian capital Tallinn to discuss the latest issues in the fight against virtual attackers. Estonian President Toomas Hendrik Ilves opened the conference with a stark warning about the seriousness of cybercrime. "Our critical infrastructure, electricity grids, transportation networks and mobile phone networks are so enmeshed and tied to the internet that any open society is open to complete and utter failure," he said. "There are no smoking guns, no foot or fingerprints in virtual reality," Estonia's Minister of Defence Jaak Aviksoo added.
Skilled hackers at the conference said malware designed to be used in attacks could be purchased for a few hundred dollars online, or even downloaded for free.
(Source: BBC)

Wednesday, June 16, 2010
Police have arrested 178 people in Europe and the United States suspected of cloning credit cards in an international scam worth over 20 million euros ($24.52 million), Spanish police said on Tuesday. Police in fourteen countries participated in a two-year investigation, initiated in Spain where police have discovered 120,000 stolen credit card numbers and 5,000 cloned cards, arrested 76 people and dismantled six cloning labs. The raids were made primarily in Romania, France, Italy, Germany, Ireland and the United States, with arrests also made in Australia, Sweden, Greece, Finland and Hungary.
(Source: Reuters)

Thursday, June 10, 2010
Federal chief information officers and chief information security officers will convene Monday, June 14, at an annual information technology conference where they are sure to discuss the Office of Management and Budget's mandate to look toward cloud computing to cut IT costs, increase efficiencies and enable greater government-wide collaboration and data exchange. In examining the potential benefits and vulnerabilities of moving their services to the cloud, government CIOs and CISOs should ask and demand answers to some difficult questions.
Does your provider ensure the confidentiality, integrity and availability with mature processes, proof of past performance, understanding of and mechanisms for disaster recovery options, and encrypted backups?
(Source: GovInfo Security)
Sixty-eight percent of service providers say outbound spam costs them up to $100,000 per year, according to a new research study by industry analyst firm Osterman Research and Commtouch. Some key findings from the research include:
- 68 percent of service providers say outbound spam costs them up to $100,000 per year; 4 percent said it is costing them more than $250,000 per year. Costs due to outbound spam include such things as IT helpdesk and anti-abuse team time.
- Almost 40 percent of respondents have had their IP addresses listed on Real Time Blackhole Lists (RBLs) in the past 12 months alone. RBLs are published lists of the addresses of computers or networks known to be sending out spam. A service provider may be blacklisted as a result of outbound spam, and thus have its customers' legitimate email blocked by other service providers.
- Nearly 70 percent of service providers are in the process of evaluating solutions for their outbound spam problem. 50 percent expect to deploy a solution within the next 12 months.
(Source: Security Matters)

Wednesday, June 02, 2010
The number of internet threats coming from the UK has increased in May, according to research by managed security firm, Network Box. The UK is now responsible for nearly six (5.9) per cent of the world’s internet viruses, up from three per cent in April. The only countries that produce more viruses than the UK are Korea (16.26 per cent) and the US (11.68 per cent). The US and India continue to dominate the production of the world’s spam, with the US producing 10.7 per cent, and India 7.1 per cent (similar figures from last month).
Russia has seen a decline in viruses produced from within its borders – possibly an early result of Russian hosting service, PROXIEZ-NET – notoriously used by criminal gangs – being taken down earlier this month.
(Source: Network Box)
Internet security firm Sophos has warned Facebook users to be on the alert for a scam which sends a spam message to all of their friends on the social network. Sophos, in a pair of blog posts late Monday, said "hundreds of thousands" of Facebook users have fallen for the scam which it dubbed "likejacking." It said some Facebook users had received a message such as "This man takes a picture of himself EVERYDAY for 8 YEARS!!" and were encouraged to click on a link. "This of course posts a message to your newsfeed, your friends see it and click on it, and so it spreads," Sophos said.
That followed a similar scam that spread on Facebook the week before involving a fake posting tagged as the "sexiest video ever," according to Sophos.
(Source: AFP)

Monday, May 31, 2010
According to the latest data by Trend Micro, a leading Internet security company, more than 2 million computers were hacked and 476 million spam e-mails were sent in Turkey between June 2009 and May 2010. With Internet an increasingly integral part of daily life, criminals are finding new playgrounds in cyberspace.
In 2004 there were 680 million Internet users and 3 million malwares globally. Six years later, the number of Internet users increased to around 1.7 billion, but malwares jumped 10-fold to 30 million. The nature of the Internet also makes it harder to track down a criminal of cyber crime, as it crosses borders and is hard to understand. “It is not like a bank robbery. There is no eyewitness or video footage,”
(Source: Hurriyet Daily News)

Friday, May 28, 2010
A few weeks ago I came across several email messages in Spanish purporting to have been sent by Western Union: As you can see, this is a typical message sent as spam that we have seen in many guises. It tries to pass itself off as some kind of official notification from well-known companies -anyone from UPS to Apple or even Panda- with the real aim of trying to trick users into running the attached file. However, this time when I saw the message I couldn’t help but smile. Why? Because I thought there was a certain irony about the message claiming to have been sent by Western Union, a company used by virtually all cyber-criminals.
Should we be pointing an accusatory finger at companies like Western Union? There are those who would argue that this is like criminalizing the Internet just because there are users that abuse its services. Fair enough. But if Western Union is just like any other company, why is it used so insistently by criminals?
(Source: PandaLabs)

Friday, May 21, 2010
Carders.cc, a German online forum dedicated to helping criminals trade and sell financial data stolen through hacking, has itself been hacked. The once-guarded contents of its servers are now being traded on public file-sharing networks, leading to the exposure of potentially identifying information on the forum’s users as well as countless passwords and credit card accounts swiped from unsuspecting victims.
The breach involves at least three separate files being traded on Rapidshare.com: The largest is a database file containing what appear to be all of the communications among nearly 5,000 Carders.cc forum members, including the contents of private, one-to-one messages that subscribers to these forums typically use to negotiate the sale of stolen goods. Another file includes the user names, e-mail addresses and in many cases the passwords of Carder.cc forum
(Source: Krebs on Security)

Wednesday, May 19, 2010
A workshop on cybersecurity is being held in Ouagadougou from May 17 to 21, 2010. Aimed at training those responsible for securing cyberspace to fight cyberthreats effectively, the session is attended by delegates from Côte d'Ivoire, Ghana, Mali and Nigeria. The seminar was opened by the Secretary General of the Prime Minister's Office, Paul Marie Compaoré.
Faced with spam, scams, viruses, worms and other cyberattacks, it is more than urgent to develop cutting-edge strategies and mechanisms capable of securing the systems of cyberspace by protecting it from all these cyberthreats. It is with this in mind that the International Telecommunication Union (ITU), in partnership with IMPACT and Burkina Faso's Electronic Communications Regulatory Authority (ARCE), is organizing a workshop on cybersecurity from May 17 to 21, 2010.
(Source: Le Faso)

Tuesday, May 18, 2010
Phishing may not be the most sophisticated form of cyber crime, but it can be a lucrative trade for those who decide to make it their day jobs. Indeed, data secretly collected from an international phishing operation over 18 months suggests that criminals who pursue a career in phishing can reap millions of dollars a year, even if they only manage to snag just a few victims per scam.
Phishers often set up their fraudulent sites using ready-made “phish kits” — collections of HTML, text and images that mimic the content found at major banks and e-commerce sites. Typically, phishers stitch the kits into the fabric of hacked, legitimate sites, which they then outfit with a “backdoor” that allows them to get back into the site at any time.
(Source: Krebs on Security)

Monday, May 10, 2010
With the 2010 FIFA World Cup less than two months away, cybercriminals (as expected) are banking on this prestigious international football event to trick users. TrendLabs spotted the latest threat involving this, and it came in the form of an email message currently being spammed in the wild.
The spam carried a .PDF file attachment which was found to contain details about the lottery the recipient allegedly won. It also instructed the recipient to give out personal information and send it to the contact person or email sender before the prize could be claimed. What was interesting was that the purported sender of the email, one Mrs. Michelle Matins, Executive Vice President, was also the signatory for the 419 scam, aka the Nigeria scam.
(Source: Trend Micro)

Friday, May 07, 2010
As much heat as Facebook has taken recently for its privacy policies and the freedom with which it shares data across the Web and around the world, Facebook is still not the biggest threat to online privacy--you are. A study by Consumer Reports illustrates that users are really their own worst enemy when it comes to online privacy.
Here are some of the key findings of the Consumer Reports survey:
- A projected 1.7 million online households had experienced online identity theft in the past year.
- An estimated 5.4 million online consumers submitted personal information to e-mail (phishing) scammers during the past two years.
- Among adult social network users, 38 percent had posted their full birth date, including year. Forty-five percent of those with children had posted their children's photos. And 8% had posted their own street address.
- An estimated 5.1 million online households had experienced some type of abuse on a social network in the past year, including malware infections, scams, and harassment.
(Source: PC World)

Wednesday, April 21, 2010
Google is investigating a growing number of reports that hackers are breaking into legitimate Gmail accounts and then using them to send spam messages. The problem started about a week ago but seems to have escalated over the past few days.
"The Gmail team takes security very seriously and is investigating the reports we've seen in our user forums over the past few days," Google said Tuesday in an e-mailed statement. "We encourage users who suspect their accounts have been compromised to immediately change their passwords and to follow the advice at the following page: http://www.google.com/help/security/." Gmail accounts are often compromised after phishing attempts or via malicious programs, which can seek out and log online credentials from a hacked computer.
(Source: ComputerWorld)

Tuesday, April 20, 2010
A new type of malware infects PCs using file-share sites and publishes the user's net history on a public website before demanding a fee for its removal. The Japanese trojan virus installs itself on computers using a popular file-share service called Winni, used by up to 200m people. It targets those downloading illegal copies of games in the Hentai genre, an explicit form of anime. Website Yomiuri claims that 5500 people have so far admitted to being infected.
"If you find you are getting pop-ups demanding payments to settle copyright infringement lawsuits, ignore them and use a free online anti-malware scanner immediately to check for malware," said Mr Ferguson.
(Source: BBC)

Monday, April 19, 2010
A computer security researcher has released a plugin for Firefox that provides a wealth of data on Web sites that may have been compromised with malicious code. The plugin, called Fireshark, was released on Wednesday at the Black Hat conference. The open-source free tool is designed to address the shortcomings in other programs used to analyze malicious Web sites, said Stephan Chenette, a principal security researcher at Websense, which lets Chenette develop Fireshark in the course of his job. Hackers often target legitimate Web sites with code that can either infect a machine with malicious software or redirect a user to a bad Web page.
(Source: InfoWorld)

Wednesday, March 24, 2010
Countries in Asia now face the same level and type of sophisticated cyber attack as countries in the West, according to a new report from non-profit US cyber-crime research organisation Team Cymru. "We would expect to see high concentrations of compromised machines in areas with high concentrations of Internet saturation and urban population," said Team Cymru director, global outreach, and former Scotland Yard detective, Steve Santorelli.
(Source: IDG Connect)

Monday, March 22, 2010
In a bid to cut down on fraud and inappropriate content, the organization responsible for administering Russia's .ru top-level domain names is tightening its procedures. Starting April 1, anyone who registers a .ru domain will need to provide a copy of their passport or, for businesses, legal registration papers.
Loopholes in the domain name system help spammers, scammers and operators of pornographic Web sites to avoid detection on the Internet by concealing their identity. Criminals often play a cat-and-mouse game with law enforcement and security experts, popping up on different domains as soon as their malicious servers are identified. Criminals in eastern Europe have used .ru domains for a while, registering domain names under fake identities and using them to send spam or set up command-and-control servers to send instructions to networks of hacked computers.
(Source: PC World)

Thursday, March 18, 2010
Spam levels have not been dented by a series of strikes against controllers of networks of hijacked computers. Early 2010 has seen four such networks, or botnets, tackled via arrests, net access cutoffs and by infiltrating command systems. The successes have not inconvenienced hi-tech criminals who found other routes to send spam, say experts. And, they add, despite falling response rates, spam remains too lucrative for criminals to abandon.
"Most non-commercial spam these days is aimed solely to get you to click on a link, even out of curiosity," he said. "As soon as you click on that link, you're infected, most likely to become yet another botnet victim, have your identity and information stolen and go on to participate, all unknowingly in the infection of further victims."
(Source: BBC)

Monday, March 15, 2010
The government has added fresh resources to the fight against cybercrime with the launch of a £4.3m programme to help combat fraud, estimated to cost UK consumers £3.5bn per year. The programme, which aims to take down scam websites, was launched by the Department for Business, Innovation and Skills this week. Under the scheme, up to 300 of the UK's approximately 3,000 existing trading standards officers will receive "intermediate" level training in tackling cybercrime.
In addition, a new cyber enforcement team within the Office of Fair Trading (OFT) will be set up. The team will lead investigations into websites selling fake or non-existent goods, tickets or services online, and will have an attached digital forensics lab that will be available to all OFT staff.
(Source: Silicon)

Wednesday, March 10, 2010
Twitter launched a new link-screening service on Tuesday aimed at preventing phishing and other malicious attacks against users of the popular microblogging service.
Phishing scams on Twitter usually involve attackers trying to obtain the login credentials of Twitter users, and then sending spam messages from the stolen accounts in a bid to make money, Twitter said on its blog last month. Twitter also fights phishing scams by watching for affected accounts and resetting passwords, it said. Phishing attacks ballooned on Twitter last year as the service grew in popularity. Twitter's new link-screening service comes after it last year started using Google's Safe Browsing API to check for malicious content in links posted by users.
(Source: PC World)

Friday, March 05, 2010
Hackers breaking into businesses and government agencies with targeted attacks have not only stolen intellectual property, in some cases they have corrupted data too, the head of the U.S. Federal Bureau of Investigation said Thursday. The United States has been under assault from these targeted spear-phishing attacks for years, but they received mainstream attention in January, when Google admitted that it had been hit and threatened to pull its business out of China -- the presumed source of the attack -- as a result.
Researchers investigating the Google attack -- thought to have affected at least 100 companies including Intel, Adobe and Symantec -- say that prime targets of the hackers were the source code management systems used by software developers to build code.
(Source: PC World)

Wednesday, March 03, 2010
Authorities have smashed one of the world's biggest networks of virus-infected computers, a data vacuum that stole credit cards and online banking credentials from as many as 12.7 million poisoned PCs. The "botnet" of infected computers included PCs inside more than half of the Fortune 1,000 companies and more than 40 major banks, according to investigators.
Spanish investigators, working with private computer-security firms, have arrested the three alleged ringleaders of the so-called Mariposa botnet, which appeared in December 2008 and grew into one of the biggest weapons of cybercrime. More arrests are expected soon in other countries.
(Source: The New Zealand Herald)

Friday, February 26, 2010
Security experts are split over the effectiveness of Microsoft's efforts to shut down a network of PCs that could send 1.5 billion spam messages a day. The firm persuaded a US judge to issue a court order to cripple 277 internet domains used by the Waledac botnet. Botnets are usually armies of hijacked Windows PCs that send spam or malware. "We aim to be more proactive in going after botnets to help protect the internet," said Richard Boscovich, the head of Microsoft's digital crime unit.
Security firm Symantec has estimated that over 80% of unsolicited e-mail comes from botnets.
(Source: BBC)

Wednesday, February 24, 2010
Intel was the victim of a cyber attack similar to the one experienced by Google, the company revealed Monday. "We regularly face attempts by others to gain unauthorized access through the Internet to our information technology systems," Intel said in regulatory filings posted by The New York Times. "One recent and sophisticated incident occurred in January 2010 around the same time as the recently publicized security incident reported by Google."
Attacks have included people who masqueraded as authorized users or those who used "surreptitious introduction of software," Intel said. "These attempts, which might be the result of industrial or other espionage, or actions by hackers seeking to harm the company, its products, or end users, are sometimes successful."
(Source: PC Magazine)

Friday, February 19, 2010
A former security researcher turned criminal hacker has been sentenced to 13 years in federal prison for hacking into financial institutions and stealing credit card account numbers.
Max Ray Butler, who used the hacker pseudonym Iceman, was sentenced Friday morning in U.S. District Court in Pittsburgh on charges of wire fraud and identity theft. In addition to his 13-year sentence, Butler will face five years of supervised release and must pay US$27.5 million in restitution to his victims, according to Assistant U.S. Attorney Luke Dembosky, who prosecuted the case for the federal government. Dembosky believes the 13-year sentence is the longest ever handed down for hacking charges.
(Source: ComputerWorld)

Thursday, February 18, 2010
A new type of computer virus is known to have breached almost 75,000 computers in 2,500 organizations around the world, including user accounts of popular social network websites, according to Internet security firm NetWitness. The latest virus -- known as "Kneber botnet" -- gathers login credentials to online financial systems, social networking sites and email systems from infested computers and reports the information back to hackers, NetWitness said in a statement.
A botnet is an army of infected computers that hackers can control from a central machine. The company said the attack was first discovered in January during a routine deployment of NetWitness software.
(Source: Reuters)

Wednesday, February 17, 2010
A common Web programming error could give hackers a way to take over Google Buzz accounts, a security expert said Tuesday. The flaw is a "medium-sized problem" with the Buzz for Mobile Web site, said Robert Hansen, CEO of SecTheory, who first reported the issue. This type of Web programming error, called a cross-site scripting flaw, lets the attacker put his own scripting code into Web pages that belong to trusted Web sites such as Google.com. It is a fairly common flaw but one that can have major consequences when exploited on widely used Web sites.
The attacker "can force you to say things you don't want to say, to follow people," he said. "Whatever Google Buzz allows you to do, it allows him to do to you."
(Source: PC World)

Monday, February 15, 2010
Former top US intelligence officials will become cyberwarriors on Tuesday in a simulation of how the US government would respond to a massive cyberattack on the United States. "The scenario itself is secret," said Eileen McMenamin, vice president of communications for the Bipartisan Policy Center (BPC), which is hosting the event dubbed "Cyber ShockWave." "The participants don't even know what it is," McMenamin told AFP. "None of them know what's going to transpire."
Former president George W. Bush's Homeland Security chief Michael Chertoff will play the role of National Security Advisor to the president while former Director of National Intelligence John Negroponte will be Secretary of State.
(Source: AFP)

Tuesday, February 09, 2010
Deep inside millions of computers is a digital Fort Knox, a special chip with the locks to highly guarded secrets, including classified government reports and confidential business plans. Now a former U.S. Army computer-security specialist has devised a way to break those locks.
The attack can force heavily secured computers to spill documents that likely were presumed to be safe. This discovery shows one way that spies and other richly financed attackers can acquire military and trade secrets, and comes as worries about state-sponsored computer espionage intensify, underscored by recent hacking attacks on Google Inc.
(Source: AP)

Monday, February 08, 2010
China has closed what it claims to be the largest hacker training website in the country and arrested three of its members, domestic media reported on Monday.
The "Black Hawk Safety Net" website taught hacking techniques and provided malicious software downloads for its 12,000 members in exchange for a fee, the Wuhan Evening News newspaper reported this weekend, citing police in Huanggang, just east of Wuhan.
(Source: Reuters)

Thursday, February 04, 2010
Twitter required some users to reset their passwords on Tuesday after discovering that their log-in information may have been harvested via security-compromised torrent Web sites, the company said.
For years, a malicious hacker has been setting up file-sharing torrent sites that appear legitimate and then selling them to well-meaning buyers who want to own their own download site, explained Del Harvey, Twitter's director of trust and safety, in a blog post. However, the sites are riddled with malware and backdoors that allow the malicious hacker to steal log-in credentials -- like e-mail addresses, usernames and passwords -- from users who sign up for them.
(Source: ComputerWorld)

Tuesday, February 02, 2010
Facebook and Twitter users are under attack by cybercriminals -- and the incidents are rising, Sophos says in its 2010 Security Threat Report released Monday. In the past 12 months, Sophos says, cybercriminals have focused more attacks on social-network users. Spam and malware are leading the charge.
Fifty-seven percent of users surveyed reported getting spammed via social-networking sites -- an increase of 70.6 percent from 2008. And 36 percent say they have been sent malware via social-networking sites, a 69.8 percent increase.
(Source: NewsFactor Network)

Monday, January 18, 2010
The U.S. Federal Bureau of Investigation is advising people to be careful when evaluating donation programs related to the earthquake in Haiti as one security firm is already seeing scam e-mails circulate. People should apply a "critical eye" to requests for financial donations following Tuesday's earthquake in Haiti, which caused an unknown number of deaths and severe damage to the country's infrastructure.
Scam e-mails are already emerging. Symantec noted a so-called 419-style e-mail that purported to come from the British Red Cross. A 419 scam, named after the number of a statute in Nigeria's criminal code banning the practice, is one in which an e-mail or a letter implores a person to send money for some bogus reason.
(Source: ComputerWorld)

Thursday, January 14, 2010
Facebook is trying to strengthen security on its Web site with some outside help. Computer security company McAfee Inc. will now scan and repair the computers of Facebook users whose accounts have been compromised, the company said Wednesday. The scanning process will be added to the steps that Facebook already makes the users of such accounts go through if they want to reclaim their pages.
Facebook says spam and viruses affect a tiny percentage of its users. But hackers are increasingly targeting the social sites as they become a core part of the Web. Spokesman Barry Schnitt said Facebook spends a lot of time and resources to keep users' accounts secure.
(Source: AP)

Wednesday, January 13, 2010
The cyber threat environment is constantly changing and becoming more challenging with every day that passes. Malware grew last year at the highest rate in 20 years. Multiple security reports showed that more than 25 million new strains of malware were identified in 2009.
Forecasts suggest that 2010 will again see unprecedented growth in malware and the trend is expected to continue for the foreseeable future. Not only will the cyber attack volume escalate dramatically, but the malware delivery modalities will also become much more sophisticated and dangerous. In addition, social networking sites will become major targets of choice for cyber criminals.
(Source: Defense Tech)

Thursday, January 07, 2010
The new year will usher in some interesting new changes in the world of malware and cyber-attacks, according to one company's predictions for 2010. Watchful eyes will have to be kept on mobile phone apps, Google Wave accounts, file sharing and peer-to-peer networks -- cyber-criminals will target those in greater numbers, according to predictions released by Kaspersky Labs, a provider of Internet threat management solutions for combating malware.
"Given the growing sophistication of threats -- it's no longer just an e-mail saying, ‘Please click on this attachment,' and you get infected with something -- the schemes are much more elaborate than that," said Roel Schouwenberg, the company's senior malware researcher.
(Source: Government Technology)

Thursday, December 17, 2009
A court in east China has handed down jail sentences of up to three years to 11 people for their roles in online gaming scams that netted them around 140,000 dollars, state media said. Lu Yizhong and Zeng Yifu wrote malicious Trojan horse viruses to steal 5.3 million user names and passwords from online gamers, which were then used for "illegal gains", the Xinhua news agency reported late Wednesday. Defendants Yan Renhai, his girlfriend Chen Huiting and other accomplices sold or used the viruses to steal online credits, the Gulou District People's Court in Jiangsu province found, according to Xinhua.
The number of Internet gamers in China reached 217 million at the end of June, or 64.2 percent of the nation's total online population.
(Source: AFP)

Wednesday, December 16, 2009
Internet users are being warned to watch out for a computer virus targeting popular social networking sites in the run up to Christmas.
Security experts say the new virus is "particularly nasty" and compels its victims to participate manually in creating a new Facebook account to help spread the worm. "The more people who use an application such as Facebook, or any other means of social networking, the more likely they are to be targeted by bad guys to send out malicious threats such as Koobface." The internet security company recommends that users do not reply to or follow links included in unsolicited Facebook messages and users should always carefully check that the URL they are entering is really that of the site they want to access.
(Source: FOX News)

Tuesday, December 15, 2009
They're the scourge of the Internet right now and the U.S. Federal Bureau of Investigation says they've also raked in more than $150 million for scammers. Security experts call them rogue antivirus programs.
The FBI's Internet Crime Complaint Center issued a warning over this fake antivirus software Friday, saying that Web surfers should be wary of sudden pop-up windows that report security problems on their computers. This software can appear almost anywhere on the Web. Typically, the scam starts with an aggressive pop-up advertisement that looks like some sort of virus scan. Often it's nearly impossible to get rid of the pop-up windows.
(Source: ComputerWorld)
Full story
ComputerWorld

Wednesday, December 09, 2009
What do phishing, instant messaging malware, DDoS attacks and 419 scams have in common? According to Cisco Systems, they're all has-been cybercrimes that were supplanted by slicker, more menacing forms of cybercrime over the past year.
In its 2009 Annual Security Report, due to be released Tuesday, Cisco says that the smart cyber-criminals are moving on. "Social media and the data-theft Trojans are the things that are really in their ascent," said Patrick Peterson, a Cisco researcher. "You can see them replacing a lot of the old-school things."
(Source: ComputerWorld)
Full story
ComputerWorld

Friday, December 04, 2009
The U.S. government and private businesses need to overhaul the way they look at cybersecurity, with the government offering businesses new incentives to fix security problems, the Internet Security Alliance said.
The alliance, in a report released Thursday, also called for permanent international cybersecurity collaboration centers, new security standards for VoIP (voice over Internet Protocol) communications and programs to educate corporate leaders about the benefits of enhanced cybersecurity efforts. Lots of groups have called for better information security education for students, but education for enterprise leaders is often overlooked, said Joe Buonomo, president and CEO of Direct Computer Resources, a data security products vendor.
(Source: ComputerWorld)
Full story
ComputerWorld

Tuesday, December 01, 2009
It’s not good news for IT cities. According to a report prepared by the Computer Emergency Research Team from the Union IT ministry, a total of 692 websites have been affected in September alone.
The unit has now asked the respective state governments to secure their own websites. “We have instructed all state governments to instal security measures, especially for those sites which contain sensitive data,” said a senior ministry official. Of the websites hacked, a whopping 74% belong to the dot-in domain. The most common hacking method is to steal the password from the administrator. Hackers also enter the web server and destroy the site. Another method is to try and poison the URL.
(Source: The Economic Times)
Full story
The Economic Times
A computer worm that China warned Internet users against is an updated version of the Panda Burning Incense virus, which infected millions of PCs in the country three years ago, according to McAfee.
The original Panda worm, also known as Fujacks, caused widespread damage at a time when public knowledge about online security was low, and led to the country's first arrests for virus-writing in 2007. The new worm variant, one of many that have appeared since late 2006, adds a malicious component meant to make infection harder to detect.
(Source: PC World)
Full story
PC World

Tuesday, November 24, 2009
Four men, including the self-proclaimed "Godfather of Spam," were sentenced to prison on Monday for their roles in an email stock fraud scheme, the Justice Department said. FBI special agent said Ralsky, the self-proclaimed "Godfather of Spam," flooded email boxes with unwanted spam email and attempted to use a botnet to hijack computers to assist them in the scheme. A botnet is a network of computers infected by malicious software.
"Today's sentencing sends a powerful message to spammers whose goal is to manipulate financial transactions and the stock market through illegal email advertisements," said assistant attorney general Lanny Breuer.
(Source: AFP)
Full story
AFP

Thursday, November 19, 2009
A self-proclaimed geek from the age of 14, Andre DiMino had always been interested in computers and networking. But it wasn't until he entered his professional life many years later that he became interested in the security side of that world.
Just five years ago, hunting botnets, said DiMino, was a much different game. The botnets were fairly straightforward, he said, and the primary method of communication was IRC (Internet Relay Chat). DiMino and other volunteers were able to act like criminals by joining a botnet, watching its traffic to get an understanding of how it was architected and learn more about its particular function. They found their efforts were worthwhile as they began contacting network hosts, alerting them that they were supporting the botnets and seeing them shut down.
(Source: ComputerWorld)
Full story
ComputerWorld

Monday, November 16, 2009
A new spam campaign is targeting a financial transfer system that handles trillions of dollars in transactions annually and has proved to be a fertile target of late for online fraudsters.
The spam messages pretend to come from the National Automated Clearing House Association (NACHA), a U.S. nonprofit association that oversees the Automated Clearing House system (ACH). ACH is a widely used but aging system used by financial institutions for exchanging details of direct deposits, checks and cash transfers made by businesses and individuals. In 2002, ACH was used for nearly 9 billion transactions worth more than $24.4 trillion.
(Source: ComputerWorld)
Full story
ComputerWorld

Thursday, November 12, 2009
For the last few days, some jailbroken iPhone users have found their home screen background a little different than they remembered. A hacker, going by the name "ikee," created a worm that changes the home screen background on jailbroken iPhones whose owners failed to change the default password after installing SSH.
Simply jailbreaking your iPhone will not make you vulnerable to this sort of hack. The iPhone OS, in general, is also immune to this hack. On jailbroken iPhones, SSH is installable with a package from Cydia that allows you to connect to your phone and make changes to the filesystem.
(Source: TUAW News)
Full story
TUAW News
Australian internet provider BigPond has become the latest internet company to be targeted by hackers on Twitter, after one of its accounts was hijacked as part of a phishing scam.
Affected users received a private message from BigPondTeam saying "Hey, look at this," and directing them to follow a link that asked them to enter their Twitter password. The attack was part of an attempt to steal their credentials and potentially gain access to other services they use - such as their bank accounts or email services.
(Source: Guardian)
Full story
Guardian

Wednesday, November 04, 2009
An expert on cable modem hacking has been arrested by federal authorities on computer intrusion charges. According to the U.S. Department of Justice (DOJ), Ryan Harris, 26, ran a San Diego company called TCNISO that sold customizable cable modems and software that could be used to get free Internet service or a speed boost for paying subscribers.
Hackers have known for years that certain models of cable modem, such as the Motorola Surfboard 5100, can be hacked to run faster on a network, a process known as uncapping.
(Source: ComputerWorld)
Full story
ComputerWorld

Friday, October 30, 2009
Twitter warned users Tuesday of a new phishing scam on the social networking site. It's the latest in a series of scams that have plagued the site over the past year, designed to trick victims into giving up their user names and passwords.
"We've seen a few phishing attempts today, if you've received a strange DM and it takes you to a Twitter login page, don't do it!," Twitter wrote on its Spam message page. The message reads, "hi. this you on here?" and includes a link to a fake Web site designed to look like a Twitter log-in page. After entering a user name and password, victims enter an empty blogspot page belonging to someone named NetMeg99.
(Source: ComputerWorld)
Full story
ComputerWorld

Tuesday, October 27, 2009
The Swiss Foreign Ministry says it was the victim of a "professional" cyber attack aimed at obtaining information from its computer network. Spokesman Georg Farago says the ministry cut the connection between its network and the Internet after the attack was discovered on Thursday. He says specialists are trying to determine the source of the attack and whether any information was stolen.
Farago said Monday it appeared the Foreign Ministry was specifically targeted. Switzerland frequently plays host to international peace talks and other high-level negotiations.
(Source: AP)
Full story
AP

Monday, October 26, 2009
Nigeria's anti-corruption police is working with Microsoft to halt thousands of fraudulent emails in a crackdown on internet crime in Africa's most populous country, an agency spokesman said.
The Economic and Financial Crimes Commission (EFCC) said on Thursday its new project "Eagle Claw," expected to become fully operational within six months, is aimed at improving Nigeria's tarnished image as one of the world's top countries for internet crime. The agency said it has already shut down 800 scam websites and arrested 18 people.
(Source: Reuters)
Full story
Reuters
Networks of hacked computers are being used more than ever to click on advertisements, a scam known as click fraud that cheats search engines, publishers and ad networks out of revenue.
For the third quarter of the year, 42.6% of fraudulent clicks came from botnet-infected computers, according to Click Forensics, a company that produces tools to detect and filter out fraudulent clicks. The figure is the highest in four years, when Click Forensics began producing reports. For the same quarter a year ago, botnets accounted for 27.5% of bad clicks. Botnets are a powerful tool for hackers.
(Source: ComputerWorld)
Full story
ComputerWorld

Wednesday, October 21, 2009
Microsoft admitted Hotmail users had been tricked into revealing their passwords, 10,000 of which had been published online.
The spam is being sent from users' accounts to contacts in their address books - so recipients will think it came from one of their friends. While the new spam is not malicious in itself, it does point the contact in the direction of something that is — a "shopping" website. The trick is, the shopping site is not a real one. The scam persuades victims to order goods online by credit card, leaving them vulnerable to identity theft and fraud.
(Source: Fox News)
Full story
Fox News
Hotmail and several other Web e-mail providers were recently hit by phishing attacks that gleaned usernames and passwords. It's terribly insecure, but the string of digits 1234567 is a popular password on Hotmail, according to security researcher Bogdan Calin, who analyzed 9,843 stolen Windows Live Hotmail passwords that were posted on a Web site.
In a blog post, Calin said the following were the most common passwords in the Hotmail collection: 123456, 123456789, alejandra, 111111, alberto, tequiero, alejandro and 12345678.
(Source: ComputerWorld)
Full story
ComputerWorld

Monday, October 19, 2009
Tens of millions of U.S. computers are loaded with scam security software that their owners may have paid for but which only makes the machines more vulnerable, according to a new Symantec report on cybercrime.
Cyberthieves are increasingly planting fake security alerts that pop up when computer users access a legitimate website. The "alert" warns them of a virus and offers security software, sometimes for free and sometimes for a fee. "Lots of times, in fact they're a conduit for attackers to take over your machine. They'll take your credit card information, any personal information you've entered there and they've got your machine,"
(Source: Reuters)
Full story
Reuters

Friday, October 16, 2009
Cyber-crime just doesn't pay like it used to. Security researchers say the cost of criminal services such as distributed denial of service, or DDoS, attacks has dropped in recent months. The reason? Market economics.
Criminals have gotten better at hacking into unsuspecting computers and linking them together into so-called botnet networks, which can then be centrally controlled. Botnets are used to send spam, steal passwords, and sometimes to launch DDoS attacks, which flood victims' servers with unwanted information.
(Source: ComputerWorld)
Full story
ComputerWorld

Wednesday, October 14, 2009
Twitter users should refrain from changing their log-in data until further notice or else risk getting locked out of their accounts. Twitter is investigating instances of users who have lost access to their accounts after modifying their usernames, passwords or e-mail addresses, the microblogging company said on Tuesday.
Until the problem is resolved, Twitter users shouldn't modify their log-in data, according to an official posting on Twitter's Status Web site. "This seems to affect new users as well as long term users," the note reads.
(Source: ComputerWorld)
Full story
ComputerWorld

Monday, October 12, 2009
For the fourth time this year, Adobe has admitted that hackers used malicious PDF documents to break into Windows PCs.
The bug in the popular Reader PDF viewer and the Acrobat PDF maker is being exploited in "limited targeted attacks," Adobe said yesterday. That phrasing generally means hackers are sending the rigged PDF documents to a short list of users, oftentimes company executives or others whose PCs contain a treasure trove of confidential information.
(Source: ComputerWorld)
Full story
ComputerWorld
Security researchers are warning that Web-based applications are increasing the risk of identity theft or losing personal data more than ever before.
The best defense against data theft, malware and viruses in the cloud is self defense, researchers at the Hack In The Box (HITB) security conference said. But getting people to change how they use the Internet, such as what personal data they make public, won't be easy.
(Source: PCWorld)
Full story
PCWorld

Friday, October 09, 2009
Scammers have grabbed the Hotmail passwords that leaked to the Web and are using them in a plot involving a fake Chinese electronics seller to bilk users out of cash and their credit card information, a security researcher said.
"We've seen a 30% to 40% increase in these types of spam messages in the last several days," said Patrik Runald, senior manager of Websense's security research team. "By 'these types of spam,' I mean messages that are advertising great consumer electronics bargains, such as cameras and computers."
(Source: ComputerWorld)
Full story
ComputerWorld
The head of the U.S. Federal Bureau of Investigation has stopped banking online after nearly falling for a phishing attempt. FBI Director Robert Mueller said he recently came "just a few clicks away from falling into a classic Internet phishing scam" after receiving an e-mail that appeared to be from his bank.
In phishing scams, criminals send spam e-mails to their victims, hoping to trick them into entering sensitive information such as usernames and passwords at fake Web sites.
(Source: ComputerWorld)
Full story
ComputerWorld

Thursday, October 08, 2009
iPhone lovers and other smartphone users should take heed: A security researcher showed ways to spy on a BlackBerry user during a presentation Wednesday, including listening to phone conversations, stealing contact lists, reading text messages, taking and viewing photos and figuring out the handset's location via GPS.
And ironically, Sheran Gunasekera, head of research and development at ZenConsult, said the BlackBerry is one of the most secure smartphones available, in some ways better than the iPhone.
(Source: ComputerWorld)
Full story
ComputerWorld
Investigators in the United States and Egypt have smashed a computer "phishing" identity theft scam described as the biggest cyber-crime investigation in US history, officials said Wednesday.
The Federal Bureau of Investigation said 33 people were arrested across the United States early Wednesday while authorities in Egypt charged 47 more people linked to the scam. A total of 53 suspects were named in connection with the scam in a federal grand jury indictment, the FBI said.
(Source: AFP)
Full story
AFP

Tuesday, October 06, 2009
Microsoft blocked access to thousands of Hotmail accounts in response to hackers plundering password information and posting it online.
Cyber-crooks evidently used "phishing" tactics to dupe users of Microsoft's free Web-based email service into revealing account and access information, according to the US technology giant. Phishing is an Internet bane and involves using what hackers refer to as "social engineering" to trick people into revealing information online or downloading malicious software onto computers.
(Source: AFP)
Full story
AFP
In a somewhat unusual data breach, hackers recently stole the login credentials of an unknown number of customers of payroll processing company PayChoice Inc., and then attempted to use the data to steal additional information directly from the customers themselves.
Hackers broke into the site and managed to access the real legal name, username and the partially masked passwords used by customers to log into the site. They then used the information to send very realistic looking phishing e-mails to PayChoice's customers directing them to download a Web browser plug-in to be able to continue using the onlineemployer.com service.
(Source: ComputerWorld)
Full story
ComputerWorld

Friday, October 02, 2009
US Homeland Security Secretary Janet Napolitano said Thursday that her department has received the green light to hire up to 1,000 cybersecurity experts over the next three years.
Kicking off "National Cybersecurity Awareness Month," she said the new recruits would "help fulfill the department's broad mission to protect the nation's cyber infrastructure, systems and networks." "Effective cybersecurity requires all partners -- individuals, communities, government entities and the private sector -- to work together to protect our networks and strengthen our cyber resiliency," Napolitano said.
(Source: AFP)
Full story
AFP

Wednesday, September 30, 2009
Cybersecurity researchers often scare the IT world with tales of brilliant and devious hacks: encryption cracking techniques, wi-fi booby-traps and undetected vulnerability data sold on the black market. But the most common path cybercriminals use to gain access to victims' PCs today, according to a new report, is far more mundane: buggy software that users and IT administrators fail to patch for months, long after fixes are publicly available.
The study to be released Tuesday by the security-focused SANS Institute states that the cybersecurity community is facing an epidemic of unpatched software, particularly widely used applications like Adobe Flash, Java and Microsoft programs like Word and PowerPoint.
(Source: Forbes)
Full story
Forbes

Monday, September 28, 2009
A network of Russian malware writers and spammers paid hackers 43 cents for each Mac machine they infected with bogus video software, a sign that Macs have become attack targets, a security researcher said yesterday.
In a presentation Thursday at the Virus Bulletin 2009 security conference in Geneva, Switzerland, Sophos researcher Dmitry Samosseiko discussed his investigation of the Russian "Partnerka," a tangled collection of Web affiliates who rake in hundreds of thousands of dollars from spam and malware, most of the former related to phony drug sites, and much of the latter targeting Windows users with fake security software, or "scareware."
(Source: ComputerWorld)
Full story
ComputerWorld

Monday, September 21, 2009
Microsoft filed lawsuits against five companies Thursday, accusing them of using malicious advertisements to trick victims into installing software on their computers.
Typically, when a scareware ad pops up on a victim's screen, it looks like a Windows utility running some kind of security scan. It will then warn that it has found a critical security problem and direct the victim to a Web site where they can buy a product to fix the issue. DirectAd Solutions, Soft Solutions, qiweroqw.com, ote2008.info and ITmeter have used ads to "distribute malicious software or present deceptive websites that peddled scareware to unsuspecting Internet users".
(Source: ComputerWorld)
Full story
ComputerWorld

Tuesday, September 15, 2009
A computer hacker who was once a federal informant and was a driving force behind one of the largest cases of identity theft in U.S. history pleaded guilty Friday in a deal with prosecutors that will send him to prison for up to 25 years.
Albert Gonzalez, 28, of Miami, admitted pulling off some of the most prominent hacking jobs of the decade. Federal authorities say tens of millions of credit and debit card numbers were stolen. Gonzalez entered guilty pleas in U.S. District Court in Boston to 19 counts of conspiracy, computer fraud, wire fraud, access device fraud and aggravated identity theft.
(Source: AP)
Full story
AP

Monday, September 14, 2009
Cyber criminals are taking advantage of swine flu fears with e-mails promising news on the illness which then infect computers with a virus, a Spanish computer security firm warned Friday.
The e-mails invite recipients to open a document with information claiming the H1N1 flu virus was developed by pharmaceutical firms seeking to make huge profits from the outbreak, Pandasecurity said in a statement. But if the document is opened, a virus is installed on the person's computer which can steal personal information like bank account data.
(Source: AFP)
Full story
AFP
South Korea plans to train 3,000 "cyber sheriffs" by next year to protect businesses after a spate of attacks on state and private websites, a report said Sunday. The "cyber sheriffs" would be tasked with "protecting corporate information and preventing the leaks of industrial secrets," Yonhap news agency said.
In the event of cyber attacks, the National Intelligence Service, the country's main spy agency, would set up a taskforce including civilian and government experts to counter the online threats, it added. The country already has a military cyber unit. South Korea, where 95 percent of homes have broadband, is among the top countries in terms of access to the high-speed Internet.
(Source: AFP)
Full story
AFP

Thursday, September 10, 2009
Hong Kong is under siege from legions of "zombies" attacking people with spam and leaving in their wake a trail of destruction costing millions of dollars a year, analysts have warned.
There are an estimated 4,000 zombies active in Hong Kong and their criminal puppet masters use them to fire off thousands of messages offering products ranging from jewellery to pornography. According to the 2008 Annual Security Report by Internet security firm MessageLabs, 81.3 percent of emails sent to Hong Kong computer users last year were spam, more than in any other territory or country in the world.
(Source: INQUIRER)
Full story
INQUIRER

Monday, August 31, 2009
There's still plenty of room for innovation today, yet the openness fostering it may be eroding. While the Internet is more widely available and faster than ever, artificial barriers threaten to constrict its growth. Call it a mid-life crisis. A variety of factors are to blame. Spam and hacking attacks force network operators to erect security firewalls.
"There is more freedom for the typical Internet user to play, to communicate, to shop — more opportunities than ever before," said Jonathan Zittrain, a law professor and co-founder of Harvard's Berkman Center for Internet & Society. "On the worrisome side, there are some longer-term trends that are making it much more possible (for information) to be controlled."
(Source: AP)
Full story
AP

Thursday, August 27, 2009
Users of social networks are concerned about security but few are taking the steps necessary to protect themselves against online crime, according to a survey released on Wednesday.
Nearly 20 percent of those surveyed said they have experienced identity theft, 47 percent have been victims of malware infections and 55 percent have seen "phishing" attacks, in which hackers seek to capture password information. They also suggested that passwords be changed at least once a month and that friends or coworkers not be allowed to access one's personal computer.
(Source: AFP)
Full story
AFP

Wednesday, August 26, 2009
Fans searching for "Jessica Biel" or "Jessica Biel downloads," "Jessica Biel wallpaper," "Jessica Biel screen savers," "Jessica Biel photos," and "Jessica Biel videos" have a one in five chance of landing at a Web site that has tested positive for online threats such as spyware, adware, spam, phishing, viruses and other malware. McAfee's conclusion: Searching for the latest celebrity news and downloads can cause serious damage to personal computers.
"Consumers' obsession with celebrity news and culture is harmless in theory, but one bad download can cause a lot of damage to a computer."
(Source: NewsFactor)
Full story
NewsFactor
Internet criminals might be rethinking a favorite scam for stealing people's personal information. A report being released Wednesday by IBM Corp. shows a big drop in the volume of "phishing" e-mails, in which fraud artists send what looks like a legitimate message from a bank or some other company. If the recipients click on a link in a phishing e-mail, they land on a rogue Web site that captures their passwords, account numbers or any other information they might enter.
To protect yourself against phishing, access sensitive sites on your own, rather than by following links in e-mails, which might lead to phishing sites.
(Source: AP)
Full story
AP

Tuesday, August 18, 2009
The cyberattacks against Georgia a year ago were conducted in close connection with Russian criminal gangs, and the attackers likely were tipped off about Russia's intent to invade the country, according to a new technical analysis, much of which remains secret. The stunning conclusions come from the U.S. Cyber Consequences Unit, an independent nonprofit research institute that assesses the impact of cyber attacks.
Bombers struck targets throughout the country, and at the same time Georgian media and government sites fell under DDOS attack.
(Source: ComputerWorld)
Full story
ComputerWorld
A new hacking incident report warns there has been a steep rise in attacks at social-networking hotspots including wildly popular microblogging service Twitter. Hackers aren't just hunting for victims in the flocks of people at social networks, they're also using Twitter to command "botnet" armies of infected computers, according to Internet security specialists.
"A lot of Web 2.0 widgets, mashups and the like that users go for make it easy for all these guys to launch attacks." Facebook became an Internet star after opening its platform to widgets, mini-applications made by outside developers, and now boasts more than 250 million members.
(Source: AFP)
Full story
AFP

Monday, August 17, 2009
A researcher looking into the attacks that knocked Twitter offline last week discovered another, unrelated security problem. At least one criminal was using a Twitter account to control a network of a couple hundred infected personal computers, mostly in Brazil.
Networks of infected PCs are referred to as "botnets" and are responsible for much of the mayhem online, from identity theft to spamming to the types of attacks that crippled Twitter. A Twitter account was used to send out what looked like garbled messages, but they were actually commands for computers in a botnet to visit malicious Web sites, where they download programs that steal banking passwords.
(Source: AP)
Full story
AP

Thursday, August 13, 2009
The investigation into the attacks against high-profile Web sites in South Korea and the U.S. is a winding, twisty electronic goose chase that may not result in a definitive conclusion on the identity of the attackers.
Computer security experts disagree over the skill level of the DDOS (distributed denial-of-service) attacks, which over the course of a few days in early July caused problems for some of the Web sites targeted, including South Korean banks, U.S. government agencies and media outlets. The DDOS attack was executed by a botnet, or a group of computers infected with malicious software controlled by a hacker. That malware was programmed to attack the Web sites by bombarding them with page requests that far exceed normal visitor traffic. As a result, some of the weaker sites buckled.
(Source: ComputerWorld)
Full story
ComputerWorld
Fraudsters are taking advantage of the widely used but obscure Automated Clearing House (ACH) Network in order to pull off their attacks. This financial network is used by financial institutions to handle direct deposits, checks, bill payments and cash transfers between businesses and individuals.
The fraud typically starts with a targeted phishing e-mail, aimed at whoever is in charge of the company's checkbook. By tricking the victim into running software, opening a harmful attachment or visiting a malicious Web site, the criminals are able to install keylogging software and steal bank account passwords.
(Source: ComputerWorld)
Full story
ComputerWorld

Wednesday, August 12, 2009
A growing number of South Korean companies are opening Twitter accounts to better connect with consumers and generate buzz for their products. However, industrial heavyweights such as Samsung Electronics, Hyundai Motor, SK Group and Lotte Group are not among them. Should they decide to join the 140-word Web phenomenon, they will have to acknowledge that they will be unable to use their own corporate brands.
A Twitter account created under Samsung's name is currently suspended by the Internet company due to "strange activity," which could mean anything from service violations and technical abuse to spam distribution.
(Source: The Korea Times)
Full story
The Korea Times

Tuesday, August 11, 2009
The outage that knocked Twitter offline for hours was traced to an attack on a lone blogger in the former Soviet republic of Georgia - but the collateral damage that left millions around the world tweetless showed just how much havoc an isolated cyberdispute can cause.
"It told us how quickly many people really took Twitter into their hearts," Robert Thompson, director of the Center for the Study of Popular Television at Syracuse University, said Friday. Tens of millions of people have come to rely on social media to express their innermost thoughts and to keep up with world news and celebrity gossip. Twitter "is one of those little amusements that infiltrated the mass behavior in some significant ways, so that when it went away, a lot of people really noticed it and missed it."
(Source: AP)
Full story
AP
A Latvian ISP linked to online criminal activity has been cut off from the Internet, following complaints from Internet security researchers. Real Host, based in Riga, Latvia, was thought to control command-and-control servers for infected botnet PCs, and had been linked to phishing sites, Web sites that launched attack code at visitors and were also home to malicious "rogue" antivirus products.
"This is maybe one of the top European centers of crap," he said in an e-mail interview. Real Host was considered a "bullet proof" hosting provider, that would allow customers to remain online even after they had been linked to malicious activity.
(Source: PCWorld)
Full story
PCWorld

Friday, August 07, 2009
Micro-blogging service Twitter and social networking site Facebook have been severely disrupted by hackers. Twitter was taken offline for more than two hours whilst Facebook's service was "degraded", according to the firms.
The popular sites were subject to so-called denial-of-service attacks on Thursday, the companies believe. Denial-of-service (DOS) attacks take various forms but often involve a company's servers being flooded with data in an effort to disable them.
(Source: BBC)
Full story
BBC

Monday, August 03, 2009
A powerful new type of Internet attack works like a telephone tap, except that it operates between computers and Web sites they trust.
Hackers at the Black Hat and DefCon security conferences have revealed a serious flaw in the way Web browsers weed out untrustworthy sites and block anybody from seeing them. If a criminal infiltrates a network, he can set up a secret eavesdropping post and capture credit card numbers, passwords and other sensitive data flowing between computers on that network and sites their browsers have deemed safe.
(Source: AP)
Full story
AP

Thursday, July 30, 2009
Facebook, MySpace and other social networking sites are increasingly being targeted by cyber-criminals drawn to the wealth of personal information supplied by users, experts warn. Data posted on the sites -- name, date of birth, address, job details, email and phone numbers -- is a windfall for hackers, participants at Campus Party, one of the world's biggest gatherings of Internet enthusiasts, said.
A vicious virus, Koobface -- "koob" being "book" in reverse -- has affected thousands of Facebook and Twitter users since August 2008, said Asier Martinez, a security specialist at global IT solutions provider Panda Security.
(Source: AFP)
Full story
AFP
Microsoft released a security patch on Tuesday aimed at preventing hackers from exploiting a vulnerability in its Web browser, Internet Explorer.
The US software giant said that the security update would be automatically installed for Internet Explorer users who have automatic updating enabled on their computers but would need to be installed manually by other users. "These vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer," Microsoft said.
(Source: AFP)
Full story
AFP

Tuesday, July 28, 2009
Amid concerns that the U.S. has a shortage of cybersecurity professionals, a new consortium of U.S. government and private organizations aims to identify students with strong computer skills and train them as cybersecurity guardians, warriors and "top guns."
The U.S. Cyber Challenge initiative will bring together three cybersecurity competitions for high school or college students and launch new in-person competitions, said Alan Paller, research director at the SANS Institute, a cybersecurity training organization. The organizers of the U.S. Cyber Challenge also plan to offer scholarships to promising students and hook them up with internships and jobs, Paller said.
(Source: ComputerWorld)
Full story
ComputerWorld

Friday, July 24, 2009
The news report begins with shots of a tense space shuttle launch. Engineers hunch over computer banks and techno music pounds in the background. There is a countdown, a lift-off, and then you see a young man in a black T-shirt and sunglasses, apparently reporting from space.
This is the Hacker News Network, and after a decade offline it is lifting off again, this time with a quirky brand of video reports about security. They're the guys who famously told the U.S. Congress that they could take down the Internet in about 30 minutes, and who helped invent the way that security bugs are reported to computer companies.
(Source: ComputerWorld)
Full story
ComputerWorld

Thursday, July 23, 2009
Federal agencies are facing a severe shortage of computer specialists, even as a growing wave of coordinated cyberattacks against the government poses potential national security risks, a private study found.
The study describes a fragmented federal cyber force, where no one is in charge of overall planning and government agencies are "on their own and sometimes working at cross purposes or in competition with one another." The report, scheduled to be released Wednesday, arrives in the wake of a series of cyberattacks this month that shut down some U.S. and South Korean government and financial Web sites.
(Source: AP)
Full story
AP
Hackers will soon gain a powerful new tool for breaking into Oracle Corp's (ORCL.O) database, the top-selling business software used by companies to store electronic information.
Security experts have developed an easy-to-use, automated software tool that can remotely break into Oracle databases over the Internet to simulate attacks on computer systems, but cybercrooks can use it for hacking. The tool's authors created it through a controversial open-source software project known as Metasploit, which releases its free software over the Web.
(Source: Reuters)
Full story
Reuters

Wednesday, July 22, 2009
The popularity of Facebook and other popular social networking sites has given hackers new ways to steal both money and information, the security company Sophos said in a report released on Wednesday.
About half of all companies block some or all access to social networks because of concerns about cyber incursions via the sites, according to the study. "Research findings also revealed that 63 percent of system administrators worry that employees share too much personal information via their social networking sites, putting their corporate infrastructure -- and the sensitive data stored on it -- at risk," the Sophos report said.
(Source: Reuters)
Full story
Reuters

Friday, July 17, 2009
The U.K. was the likely source of a series of attacks last week that took down popular Web sites in the U.S. and South Korea, according to an analysis performed by a Vietnamese computer security analyst. The address is registered to Global Digital Broadcast in the U.K. "Having located the attacking source in U.K., we believed that it is completely possible to find out the hacker," Nguyen wrote.
The results contradict assertions made by some in the U.S. and South Korean governments that North Korea was behind the attack. Security analysts had been skeptical of the claims, which were reportedly made in off-the-record briefings and for which proof was never delivered.
(Source: ComputerWorld)
Full story
ComputerWorld

Thursday, July 16, 2009
As such, Facebook is quickly becoming a hotbed of activity for all kinds of malware and financial scams. With 200 million registered users, Facebook represents an ocean of fish which are all accessible in one convenient place. It helps that many Facebook users are relatively unsophisticated at the web and especially the complex security issues surrounding it, and are thus more susceptible to attacks delivered via the social network.
Facebook says it's doing its part to fight the problem, but it can't monitor every bit that passes through its servers. Less than 1 percent of its users have been victimized over the last five years, it says. That sounds good, until you realize that could be up to 2 million people, hardly a drop in the bucket.
(Source: Yahoo)
Full story
Yahoo

Tuesday, July 14, 2009
Cyber criminals are aping executives when it comes to sales, marketing and risk management in the world of online treachery, according to a report released by networking giant Cisco.
"A lot of techniques they are using today are not new; it is really about how they may be doing some of the same old things," said Cisco chief security researcher Patrick Peterson.
Criminals have taken to sending blanket text messages to numbers based on area codes of local banks directing people to call into a service center to address supposed concerns about their accounts.
(Source: AFP)
Full story
AFP

Monday, July 13, 2009
South Korean police said they have arrested a hacker for staging cyber attacks similar to those that crippled domestic and US websites this week.
The 39-year-old identified only as Choi is accused of paralysing the homepage of the government Game Rating Board by using a distributed denial-of-service (DDoS) method.
Choi was an agent for software developers seeking approval from the board for new games. Because he failed to finish one job on time, he crashed the site to create an excuse for his tardiness. Choi is accused of buying a hacking programme from an ethnic Korean in China.
(Source: AFP)
Full story
AFP

Friday, July 10, 2009
Computer security experts were divided Thursday on whether North Korea was behind the ongoing attacks on US and South Korean websites, an assault that highlighted the vulnerabilities of the Web.
The so-called distributed denial of service (DDoS) attack used an army of malware-infected computers known as a "botnet" in a bid to paralyze US and South Korean websites by overwhelming them with traffic.
Around a dozen websites in the United States, including those of the White House, State Department and Pentagon, and another dozen in South Korea were among those targeted in the attack which began on Sunday.
(Source: AFP)
Full story
AFP

Thursday, July 09, 2009
A denial of service attack that took down some of South Korea's highest profile Web sites on Wednesday is set to resume Thursday evening, according to computer security specialist AhnLab. The attack will restart at 6pm local time (9am GMT) and be directed at a smaller number of sites than those hit a day earlier. They will include government Web sites and the home pages of the Chosun Ilbo newspaper and Kookmin Bank.
A denial of service attack involves sending a massive volume of traffic to a Web site so that it becomes overloaded. While some users will occasionally be able to access the site being attacked most will see nothing until a network time-out message appears.
(Source: ComputerWorld)
Full story
ComputerWorld
A botnet comprised of about 50,000 infected computers has been waging a war against U.S. government Web sites and causing headaches for businesses in the U.S. and South Korea.
The attack started Saturday, and security experts have credited it with knocking the U.S. Federal Trade Commission's (FTC's) Web site offline for parts of Monday and Tuesday. Several other government Web sites have also been targeted, including the U.S. Department of Transportation (DOT).
(Source: ComputerWorld)
Full story
ComputerWorld

Wednesday, July 08, 2009
A series of cyber-attacks that targeted and paralyzed government networks and leading portal servers Tuesday and Wednesday are raising concerns that the world's self-proclaimed Internet powerhouse is prone to hacking and other cyber security threats.
The prosecution and police launched an investigation Wednesday to track the origin of hackers who hijacked a dozen local Internet sites, including those run by Cheong Wa Dae, the National Assembly, the Ministry of National Defense and top Web portal Naver, from Tuesday evening to Wednesday morning.
(Source: The Korea Times)
Full story
The Korea Times
A U.S. district court has ordered key players in an international spam ring to give up $3.7 million that they made by sending out illegal e-mail messages pitching bogus hoodia weight-loss products and a “human growth hormone” pill they claimed reversed the aging process.
In a Federal Trade Commission law enforcement action, the court found that the five defendants, located in Canada and St. Kitts, violated the FTC Act and the CAN-SPAM Act by participating in the spam operation. The court order bars the defendants from violating the CAN-SPAM Act and from making false or unsubstantiated claims about the health benefits of any food, drug, or dietary supplement.
(Source: Federal Trade Commission)
Full story
Federal Trade Commission

Tuesday, June 30, 2009
Within hours of the death of pop star Michael Jackson, spam trading on his demise hit in-boxes, a security firm said as it warned that more junk mail was in the offing. Just eight hours after news broke about Jackson, Abingdon, England-based Sophos PLC started tracking the first wave of Jackson spam, which used a subject line of "Confidential -- Michael Jackson."
The spam wasn't pitching a product or leading users to a phishing or malware Web site. Instead it was trying to dupe users into replying to the message in order to collect e-mail addresses and verify them as legitimate.
(Source: ComputerWorld)
Full story
ComputerWorld

Friday, June 26, 2009
Britain warned on Thursday of a growing risk to military and business secrets from computer spies and pledged to toughen cyber security to protect the 50 billion pounds ($82 billion) spent a year online in its economy.
Launching Britain's first national cyber security strategy, security minister Alan West said hostile states and criminals were increasingly attacking British interests online and al Qaeda and like-minded groups were seeking the ability to do so.
"We know that various state actors are very interested in cyber warfare," West, a junior minister at the Home Office (Interior Ministry), told reporters. "The terrorist aspect of this is the least (concern), but it is developing."
(Source: Reuters)
Full story
Reuters

Thursday, June 25, 2009
Recently scammers have become more aggressive on the site. They will set up new accounts and post spam messages on hot topics in hopes of gaining clicks when people search through Twitter.
And while hacked Twitter accounts are still rare, they're a much more effective way to reach victims, according to Rik Ferguson, a researcher with Trend Micro. "If you can take over an account that has a couple of thousand followers then you can get a much better return on your investment."
(Source: ComputerWorld)
Full story
ComputerWorld

Wednesday, June 24, 2009
China will limit the number of messages that a mobile number can send per day to battle rampant spam messages clogging cell phones, state media said on Friday.
Spam messages, largely consisting of real estate offers, ads for English lessons, fake tax receipts and other frauds have grown very quickly in China in recent years. It is not unusual to receive dozens of messages a day, including the odd gun ad.
One mobile number cannot send more than 200 messages per hour or 1,000 per day on weekdays, according to the agreement. On holidays, 500 messages per hour and 2,000 per day may originate from one number.
(Source: Reuters)
Full story
Reuters

Wednesday, June 17, 2009
An alleged spammer could face jail time in connection with a Facebook lawsuit after a judge referred him to the U.S. Attorney General's Office for criminal proceedings.
Judge Jeremy Fogel of the U.S. District Court for the Northern District of California referred Sanford Wallace (who has been dubbed a "spam king" for his long and aggressive history in e-mail marketing) to the U.S. Attorney General's Office for criminal proceedings for allegedly violating an injunction that prohibited him from accessing Facebook.
Facebook filed a lawsuit against Wallace and two other men in February for spamming and phishing schemes through the social-networking site. The following week, Judge Fogel issued a temporary restraining order barring Wallace and two other alleged spammers, Adam Arzoomanian and Scott Shaw, from accessing Facebook's network.
(Source: PCWorld)
Full story
PCWorld

Wednesday, June 10, 2009
The takedown last week of a rogue ISP by the U.S. Federal Trade Commission (FTC) slashed spam volumes by about 15% and reduced the spam spewed by a pair of big-name botnets by as much as to just 64%, a security firm said today.
"Spam dropped 15% across the board," said Bradley Anstis, director of technology strategy at Marshal8e6. "We especially noticed [the drop] over the weekend," he said, adding that the decline picked up steam slowly.
Last Tuesday, a federal court ordered the plug pulled on 3FN, an ISP operated by Belize-based Pricewert, after the FTC complained that the company hosts spam botnet command-and-control servers, as well as sites operated by child pornographers, identity thieves and other criminals.
(Source: ComputerWorld)
Full story
ComputerWorld

Thursday, May 28, 2009
Spammers seem to be working a little bit harder these days, according to Symantec, which reported Tuesday that unsolicited e-mail made up 90.4 percent of messages on corporate networks last month. That represents a 5.1 percent increase over last month's numbers, but it's nothing out of the ordinary. For years, spam has made up somewhere between 80 percent and 95 percent of all e-mail on the Internet.
Symantec reported that nearly 58 percent of spam is now coming from so-called botnets -- networks of hacked computers that can be misused by criminals to steal financial information, launch attacks or send spam. The worst of the spamming botnets -- called Donbot -- generates 18.2 percent of all spam, according to Symantec.
These botnet computers can be rented out on the black market by anybody, but in recent months some spammers have been moving away from botnets, experimenting with a new way to sneak their unwanted e-mail past corporate filters, according to Adam O'Donnell, a researcher with antispam vendor Cloudmark.
(Source: PCWorld)
Full story
PCWorld website

Monday, April 27, 2009
At the recent RSA Conference 2009 in San Francisco, United States, McAfee CEO DeWalt called for a global security architecture.
"Security threats are on the rise as the economy declines, and the solution will likely come from collaborative partnerships that span all IT platforms and international boundaries." "DeWalt painted a grim picture of the security landscape. Consumer confidence has gone down while unemployment and has risen, he said. And as the economy has gone into a tailspin, cybercrime has seen a sharp upward spike, with more malware detected in 2008 than in the previous five years combined. Last year, 80 percent of cybercrimes were financially motivated, he added."
"Many organizations are vastly underprotected or fail to regularly update patches and security software, which have opened up copious threat vectors for attackers, DeWalt said. In addition, the explosion of malicious threats in the last year can also be attributed to lack of user education and best security practices, as well as lack of comprehensive security." "One of the solutions, DeWalt proposed, would be to build comprehensive security architecture across numerous IT platforms that would be able to interoperate with companies' existing network infrastructure. That architecture would ultimately allow organizations to create correlating reports for every department and system, while allowing greater overall visibility into their organization's network, DeWalt said." "Cross-platform collaboration provides IT administrators a panoramic view into their network and allows communication across the threat vectors to shore up otherwise unseen security holes." "That same type of collaborative architecture will ultimately be required to extend across international borders and throughout global networks as the threats continue to become more sophisticated and the attacks more prevalent, DeWalt said. "The most depressing part of this is that we do not have a global architecture in place," he said. "We need to work together. Undoubtedly, (attacks) will continue to increase."
Read the full story on ChannelWeb.

Friday, April 24, 2009
A new report of the mobile industry shows that some progress has been made by the 26 mobile operators signed up to the "European Framework for Safer Mobile Use by Younger Teenagers and Children" brokered by the Commission in February 2007 (IP/07/139). These operators serve around 580 million customers, 96% of all EU mobile customers. "The new report of the mobile phone industry association shows that mobile operators have started to take seriously their responsibilities to keep children safe when using phones," said EU Telecoms Commissioner Viviane Reding.
50% of 10 year-old, 87% of 13 year-old and 95% of 16 year-old children in the EU have a mobile phone, but half of European parents worry mobile phone use might expose their children to sexually and violently explicit images (51%) or bullying by other children (49%), according to a survey. The European Commission today called on mobile operators to do more to keep children safe while using mobile phones by putting in place all the measures in the voluntary code of conduct, signed by 26 mobile operators in 2007. The report published by the GSM Association, the trade body of the mobile phone industry, showed that national self-regulatory codes based on the framework agreement brokered by the European Commission now exist in 22 Member States, 90% of them in line with the 2007 agreement, and 80% of operators have put in place measures to control child access to adult content.
Read the full EC press release from 20 April 2009 here.
More information on the GSMA report on implementation of the framework agreement on "Safer Mobile Use by Younger Teenagers and Children" can be found here.

Friday, April 17, 2009
The British Computer Society (BCS)'s website shares information and advice on how to stay safe while shopping online in a set of "Golden Rules" compiled by Global Secure Systems (GSS).
The twelve golden rules to safely shopping online include the below (detailed information available on the BCS website):
- Most malware exploits are known problems with software and operating systems. The hacker, or code writer, is relying upon people being lazy and not keeping systems up to date. For this reason it is very important to keep your anti-virus product up to date with the latest signature files and operating system updates from Microsoft.
- Never go online without ensuring you have your personal firewall enabled.
- Don't ever select the remember my password option when registering online as your passwords are then stored on the PC, often in plain text, and are the first thing that a fraudster will target. Some
- Ensure that your credit cards are registered with your card provider's online security services such as Verified by Visa and MasterCard SecureCode.
- Use only one card for online shopping, maintaining a limit on the card as low as possible or even using a top-up card for your online purchasing.
- Be sure to use a credit card and not a debit card.
- Be sure to check your statements regularly, and if there is any sign of irregular activity, report it straight away.
- Always check for the little padlock at the bottom right hand corner of the browser (when using Internet Explorer) before entering your card details.
- Make a habit of checking the site's privacy policy for details of how your personal information will be used and only provide the minimum of personal information, especially in online forms.
- Never shop from sites that you arrive at from clicking links in unsolicited marketing emails (spam).
- It is important to remember that you could be doing everything right, but that the vendor may do something wrong. A vendor may well be storing all your credit card data on a single server.
- Finally, don't rely on previous customers' testimonials - they are part of the organisation's marketing and not necessarily factual. The golden rule of commerce is still the same as it ever was - if the offer looks too good to be true, it probably is!
The full set of "Golden Rules to Safe Internet Shopping" can be found here.
For more information see the British Computer Society (BCS) and Global Secure Systems (GSS) websites.

Friday, April 10, 2009
ITU is pleased to announce the launch of its 2009 Cybersecurity and ICT Applications Essay Competition.
The 2009 ITU Cybersecurity and ICT Applications Essay Competition is open to current students and recent graduates in economics, political science, law, literature, telecommunications, computer science, information systems and related fields between the ages of 20 and 30 years old. The winners of the 2009 Essay Competition will be offered the opportunity of a consultancy contract within the ITU Development Sector's ICT Applications and Cybersecurity Division for three months. The winners will be given a contribution towards the cost of an economy class flight from their place of residence. In addition, they will be paid the sum of CHF 6000 towards living expenses for the duration of the contract.
To enter the competition you need to submit an essay on one of the following essay topics:
- Mobiles for Development: Enabling Low-Cost e-Applications for Rural and Remote Areas (e-Health, e-Government, e-Environment)
- Protecting Children and Youth in the Internet and Mobile Age: Innovative Technical and Social Solutions
- Connecting the World Responsibly: Empowering Women and Girls Through Creative Uses of ICTs
- Personal Information Online (internet/mobiles): Responding to User Safety Concerns
All applications should be submitted online through the competition website.
The deadline for applications is 14 June 2009.
We look forward to reviewing your applications and wish you the best of luck in the competition!

Thursday, February 26, 2009
The Anti-Phishing Working Group (APWG) and IPC have released a new industry advisory document titled: "What to do if your site has been hacked by phishers". The purpose of the document is to provide website owners with specific actions they can take when they have been notified that their website or webserver has been infiltrated and used for phishing.
The document notes that "Some phishers use compromised computers to host malicious or illegal activities, including identity theft, fraudulent financial activities, as well as collecting personal information and business identities from their victims for future use. Others attack or 'hack' into and gain administrative control over the legitimate web sites of businesses and organizations of all sizes. Such hacked web sites disguise the bad acts the phishers perform. More importantly, web site hackers are fully aware that the web sites they hack and 'own' are reputably legitimate."
"Law enforcement and anti-phishing responders respect and operate under established business, technical, and legal constraints when they seek to remedy or take down hacked web sites. These measures protect legitimate web site operators but unfortunately serve the attacker as well by extending the duration of the attack. The Anti-Phishing Working Group (APWG) offers this document as a reference guide for any web site owner or operator who suspects, discovers, or receives notification that its web site is being used to host a phishing site. The document explains important incident response measures to take in the areas of identification, notification, containment, recovery, restoration, and follow-up when an attack is suspected or confirmed. This document serves as a guideline for web site owners."
See the full APWG "What to do if your site has been hacked by phishers" Industry Advisory here.

Wednesday, February 11, 2009
According to an article in the Indian Hindustan Times, "Indian diplomats now cannot open a Facebook account, use external e-mail services, or write blogs, thanks to new rules and much stricter firewalls aimed at preventing cyber attacks and leakage of classified information. Over the past eight months, the Indian Ministry of External Affairs has been overhauling its computer network security, putting up layers of barriers against intrusions into the network, officials associated with cyber security said. There are almost 600 computers at its headquarters at South Block, about half of which are connected to the Internet. Classified work is typically done on stand-alone computers, usually with the external drives removed. "We have set up a unified threat management system for the ministry. This simultaneously uses eight levels of protection like firewalls and spam mail filtering," said a senior official.
"We are also requesting and encouraging more responsible behaviour from our staff when working online," the official told IANS, requesting anonymity. A circular issued last week asked officials not to log on to social networking sites, specifically citing Facebook, Orkut and Ibibo as examples. The other prohibited practices include download of peer-to-peer music using sites like Kazaa and sharing of photos through Flickr and Picasa. The circular also discourages using services like G-mail, Yahoo! or Hotmail for official communication. A similar circular, officials said, had been issued in the Prime Minister's Office in December. But the matter is even more critical for the foreign office as officials posted in Indian missions abroad or on foreign tours tend to use web-based mail rather than the ministry's own mail system. "We have had cases of senior officers using G-mail or other similar accounts abroad for official work, only to find some form of tampering when they return," the official said, adding people have been told to change their web-mail passwords if they had opened the account during foreign tours. The missions have been told to use their official mail ID issued by the National Informatics Centre for communication. But several missions have complained that the mail home page was inaccessible due to port blocks by local Internet service providers. They have been asked to contact their service providers to unblock the site. "We want to secure communications with Indian missions through private networks. This may be implemented in the next few months," said an official working with the technical team in the ministry.
Read the full article here.

Tuesday, February 10, 2009
Press release issued simultaneously by ITU and European Commission.
Geneva, 10 February 2009 — ITU and the European Commission have joined forces to mark Safer Internet Day. This year, the focus is on protecting children online.
Children are among the most active — and most vulnerable — participants online. According to recent surveys, over 60 per cent of children and teenagers talk in chat rooms on a daily basis. Three in four children online are willing to share personal information about themselves and their family in exchange for goods and services. One in five children will be targeted by a predator or paedophile each year. Protecting children in cyberspace is, therefore, clearly our duty.
"Children are very resourceful in making the most of online services such as social networking sites and mobile phones," said Viviane Reding, European Commissioner for Information Society and Media. "But many still underestimate the hidden risks of using these, from cyber-bullying to sexual grooming online. Today, I call upon all decision-makers, from both the public and the private sector, to listen and learn from children and to improve awareness strategies and tools to protect minors." Ms Reding added: "The Internet binds the whole world together. The safety of children who use it is a concern for everyone. I am therefore very happy that ITU is associated with us in doing this, today on Safer Internet Day, and all year round."
"Child online safety must be on the global agenda," said ITU Secretary-General Hamadoun Touré. "We must ensure that everyone is aware of the dangers for children online. And we want to promote and strengthen the many outstanding efforts that are being made around the world, such as the Safer Internet Programme, to limit these dangers." This year, the 6th edition of Safer Internet Day includes more than 500 events in 50 countries worldwide. ITU and the European Commission will collaborate on this and future events, such as World Telecommunication and Information Society Day, 17 May 2009, which is dedicated to "Protecting Children in Cyberspace". The European Commission’s Directorate General for Information Society and Media has declared its full support for ITU’s Child Online Protection (COP) Initiative. The EC’s Ins@fe Network will launch a Safer Internet Day virtual exhibition which will host pavilions where visitors can learn more about initiatives undertaken by the 50 participating countries. ITU will host an online pavilion in support of EC’s efforts to raise awareness among youngsters aged 12 to 17 regarding the risks they may face online.
ITU and Child Online Protection (COP)
ITU’s motto is "committed to connecting the world", but we are also committed to connecting the world responsibly. That means working together to ensure cybersecurity, enable cyberpeace, and — more importantly — protect children online. While child online protection programmes exist in many developed countries, there are very few in the developing world today — and very little coordination between them. ITU established the Global Cybersecurity Agenda (GCA) and launched the Child Online Protection (COP) initiative. COP aims to bring together partners from all sectors of the global community to ensure a safe and secure online experience for children everywhere.
See the press release here.

Friday, January 23, 2009
NYTimes writes that "A new digital plague has hit the Internet, infecting millions of personal and business computers in what seems to be the first step of a multistage attack. The world’s leading computer security experts do not yet know who programmed the infection, or what the next stage will be. In recent weeks a worm, a malicious software program, has swept through corporate, educational and public computer networks around the world."
"Known as Conficker or Downadup, it is spread by a recently discovered Microsoft Windows vulnerability, by guessing network passwords and by hand-carried consumer gadgets like USB keys. Experts say it is the worst infection since the Slammer worm exploded through the Internet in January 2003, and it may have infected as many as nine million personal computers around the world."
This article was accessed through Dave Farber's list.
See the full article in NYTimes here.

Tuesday, December 09, 2008
A recent ITU study dedicated to the "Financial Aspects of Network Security: Malware and Spam" (July 2008) reviews some of the current leading thinking and research on the economics of cybersecurity. The full study can be found here.
Security flaws are often due to perverse incentives rather than the lack of suitable technical protection mechanisms. As individuals and companies do not bear the entire costs of cyber incidents, they do not tend to protect their systems in the most efficient way. If they bore all the financial consequences, they would have stronger incentives to make their networks more secure for the good of all interconnected networks. Measures to improve information security enhance trust in online activities and contribute directly and indirectly to the welfare gains associated with the use of information and communication technologies (ICTs).
However, some expenditure on security is only necessary because of relentless attacks by fraudsters and cyber-criminals that undermine and threaten trust in online transactions. Such costs are not welfare-enhancing but instead a burden on society. Two vectors through which such attacks are carried out are malware and spam. During the past two decades, the production and dissemination of malware has grown into a multibillion dollar business. Damages created by fraudulent and criminal activities using malware and the costs of preventative measures are likely to exceed that number significantly. Malware puts the private and the public sector at risk because both increasingly rely on the value net of information services. Spam and malware have multifaceted financial implications on the costs and the revenues of participants in the ICT value chain. The costs carried by all stakeholders across the value network of information services are affected directly and indirectly by this. But most of the financial flows between the legal and illegal players in the underground cybercrime economy are only partially known. The ITU study is a survey of existing resources and data available when it comes to the economics and financial aspects of cybersecurity.
Access the ITU study on the "Financial Aspects of Network Security: Malware and Spam" (July 2008) here.

Friday, August 01, 2008
The ITU Regional Cybersecurity Forum for Asia-Pacific and the related Seminar on the Economics of Cybersecurity were held in Brisbane, Australia, 15-18 July 2008.
The regional cybersecurity forum, which was hosted by the Department of Broadband, Communications and the Digital Economy (DBCDE), Government of Australia, aimed to identify the main challenges faced by countries in the region in developing frameworks for cybersecurity and CIIP, to consider best practices, share information on development activities being undertaken by ITU as well as other entities, and review the role of various actors in promoting a culture of cybersecurity. The forum also considered initiatives on the regional and international level to increase cooperation and coordination amongst the different stakeholders. The forum, one in a series of regional cybersecurity events organized by the ITU Development Sector (ITU-D), was held in response to ITU Plenipotentiary Resolution 130: Strengthening the role of ITU in building confidence and security in the use of information and communication technologies (Antalya, 2006) and the 2006 World Telecommunication Development Conference Doha Action Plan establishing ITU-D Study Group Question 22/1: Securing information and communication networks: Best practices for developing a culture of cybersecurity.
Approximately 90 people from 27 countries participated in the event, from the Asia-Pacific region, the Pacific Islands, as well as from other parts of the world. Full documentation of the forum, including the final agenda and all presentations made, is available on the event website. The meeting report available on the event website summarizes the discussions throughout the three days of the ITU Regional Cybersecurity Forum for Asia-Pacific, provides a high-level overview of the sessions and speaker presentations, and presents some of the common understandings and positions reached at the event.
The day prior to the start of the ITU Regional Cybersecurity Forum for Asia-Pacific, 15 July 2008, was dedicated to an ITU Tariff Group for Asia and Oceania (TAS) Seminar on the Economics of Cybersecurity. Throughout the seminar the participants learned about the pervasive incentives and the new revenue streams that are created from malware and spam, how they enable legitimate business models (e.g., anti-virus and anti-spam products, infrastructure, and bandwidth) as well as fraudulent and criminal ones (e.g., renting out of botnets, bullet proof hosting, commissions on spam-induced sales, pump and dump stock schemes). Distinguished experts in this area explained how malware and spam create mixed and sometimes conflicting incentives for stakeholders, which complicate coherent responses to the problem. An ITU Study on the Financial Aspects of Network Security: Malware and Spam was presented and discussed at the event.
See the event website for more information.

Monday, May 19, 2008
The Federal Trade Commission has approved four new rule provisions under the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (CAN-SPAM), which aim to clarify the Act’s requirements.
The new rule provisions address four topics: (1) an e-mail recipient cannot be required to pay a fee, provide information other than his or her e-mail address and opt-out preferences, or take any steps other than sending a reply e-mail message or visiting a single Internet Web page to opt out of receiving future e-mail from a sender; (2) the definition of “sender” was modified to make it easier to determine which of multiple parties advertising in a single e-mail message is responsible for complying with the Act’s opt-out requirements; (3) a “sender” of commercial e-mail can include an accurately-registered post office box or private mailbox established under United States Postal Service regulations to satisfy the Act’s requirement that a commercial e-mail display a “valid physical postal address”; and (4) a definition of the term “person” was added to clarify that CAN-SPAM’s obligations are not limited to natural persons.
Continue reading the news release here.
BBC News recently reported the arrest of five hackers described as being among the most active on the internet. The hackers, who include two 16-year-olds, are accused of disrupting government websites in the United States, Asia and Latin America. Spanish police say the hackers co-ordinated attacks over the internet and hacked into 21,000 web pages over two years.
Read the full report here.

Monday, April 28, 2008
Information security experts recently revealed that government networks in Blighty and UN computers have been hacked and ensnared in a botnet. According to Websense, the attacks happened in March using some sort of SQL injection. It was said that the number of computers compromised is impossible to know but an estimate could be around 100,000 URLs. "A victim reaching a hacked site will be redirected to a different page, hosted on a Chinese server. The IP address keeps changing within the JavaScript making it hard to locate."
Read the full article here.

Monday, April 21, 2008
Six new standards enabling a more secure ICT environment have been approved by ITU. Experts say that the standards represent an important achievement reflecting the needs of business in establishing risk management strategies and the protection of consumers.
Three ITU-T Recommendations cover a definition of cybersecurity, a standardized way for vendors to supply security updates and guidelines on spyware, while the other three focus on countering the modern-day plague of spam by providing a toolbox of technical measures to help consumers and service providers.
Recommendations on spam are a direct response to a call from the World Telecommunication Standardization Assembly (WTSA), the quadrennial event that defines study areas for ITU-T. Members asked that ITU-T define technical measures to tackle this plague of the digital world following growing global concern at additional costs and loss of revenue to Internet service providers, telecoms operators and business users.
Read the full news article on the ITU-T newslog.
Dan Kaminsky, director of Penetration Testing at IOActive, Inc., gives a presentation on wildcard and NXDOMAIN redirection services. It discusses typosquatting and DNS ad injection, and provides several examples showing how these phishing trends work. Basically, it is quite possible for non-existent domains to be created validly on any random server, and to be near undetectable. Kaminsky concludes that "even small amounts of failed net neutrality can lead to catastrophic side effects on Internet security" and that "even if everything was 100% SSL, if the ISP could require code on the box, they could still bypass the crypto, and alter the content."
Access Dan Kaminsky's full presentation here.
On 15 November 2006, a Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions on fighting spam, spyware and malicious software was released. "The Commission Communication on a Strategy for a secure Information Society aims at improving the security of network and information at large and invites the private sector to address vulnerabilities in network and information systems that can be exploited to spread spam and malicious software. The Commission Communication on the Review of the EU Regulatory Framework proposes new rules to strengthen security and privacy in the electronic communications sector." This Communication deals with the evolution of spam, and threats such as spyware and malicious software. It also takes stock of efforts made so far to fight these threats and identifies further actions that can be taken, including strengthening Community law, law enforcement, cooperation within and between Member States, political and economic dialogue with third countries, industry initiatives, and R&D activities.
Among the proposed actions in this Communication are:
- Member States and competent authorities are called upon to lay down clear lines of responsibility for national agencies involved in fighting spam, ensure effective coordination between competent authorities, involve market players at national level, drawing on their expertise and available information, ensure that adequate resources are made available to enforcement efforts, and subscribe to international cooperation procedures and act on requests for cross border assistance.
- Companies are encouraged to ensure that the standard of information for the purchase of software applications is in accordance with data protection law, contractually prohibit illegal use of software in advertisements, monitor how advertisements reach consumers and follow up on malpractice, and e-mail service providers to apply a filtering policy which ensures compliance with the recommendation and guidance on e-mail filtering.
- The Commission aims to continue efforts in raising awareness and fostering cooperation between stakeholders. It also aims to continue to develop agreements with third countries including the issue of the fight against spam, spyware and malware, introduce new legislative proposals that strengthen the rules in the area of privacy and security in the communications sector, present a policy on cyber crime, involve ENISA expertise in security matters, and support research and development in its FP7 program.
With the accelerating development and spread of spam, spyware and malicious software, "the Commission is using its role as an intermediary to create greater awareness about the need for greater political commitment to fight these threats."
Read the full Communication here.
More on European Union Laws here.

Monday, March 17, 2008
The Washington Post's Security Fix features an article on vishing scams reporting three recent vishing attacks and how these attacks were done. According to the article, a series of well-orchestrated wireless phone-based phishing attacks against several financial institutions took place last week illustrating how scam artists are growing more adept at fleecing consumers by exploiting security holes in seemingly unrelated Internet technologies.
"The scams in this case took the form of a type of phishing known as "vishing," wherein cell-phone users receive a text message warning that their bank account has been closed due to suspicious activity, and that they need to call a provided phone number to reactivate the account. Victims who called the number reached an automated voice mail box that prompted callers to key in their credit card number, expiration date and PIN to verify their information (the voice mail systems involved in these sorts of scams usually are run off of free or low-cost Internet-based phone networks that are difficult to trace and shut down)."
The article also pointed out the importance of installing the latest security updates on the Web servers as well as the use of non-obvious passwords to help mitigate these kinds of vishing attacks.
Read the full article on the Washington Post.

Thursday, March 13, 2008
On 11 March 2008, the Initiative for the Regional Integration of South American Infrastructure (IIRSA) and the Inter-American Communications Commission (CITEL) jointly organized at the Inter-American Development Bank (IDB) headquarters a workshop on International Roaming Services for Mobile Telecommunications, the first component of an IDB Technical Cooperation to support the project known as Implementation of a Roaming Agreement in South America, included in IIRSA’s Implementation Agenda Based on Consensus. Following this event was the XII meeting of the Permanent Consultative Committee on Telecommunications I (PCC.I) of CITEL, held at the IDB’s headquarters, in Washington D.C., from 12 through 14 March 2008, during which telecommunication-related topics deemed important for the region were discussed, such as the coordination of standards for telecommunication networks and services, convergence, analysis of cybersecurity issues and critical infrastructure and the use of telecommunications in emergencies, among others.
A presentation on the Overview of ITU-D Activities Related to Cybersecurity and Critical Information Infrastructure Protection was given by Robert Shaw, head of the ICT Applications and Cybersecurity division, during the CITEL meeting, providing background information on ITU, cybersecurity, related ITU key activities underway, and an outline of the Framework for Organizing a National Approach to Cybersecurity. Specific cybersecurity-related activities and initiatives as well as a case study on botnets were also presented.
Another presentation on Management Framework for Organizing National Cybersecurity/CIIP Efforts was given by Joe Richardson, further discussing the ITU Framework for Organizing National Cybersecurity/CIIP Efforts and the ITU National Cybersecurity/CIIP Self-Assessment Toolkit.
For more information on CYB's activities involving cybersecurity, visit the division website.

Wednesday, February 27, 2008
Websense Security Labs has discovered that Google’s popular web mail service Gmail is being targeted in recent spammer tactics. Spammers in these attacks managed to create bots that are capable of signing up and creating random Gmail accounts for spamming purposes. Websense believes that from the spammers’ perspective, there are four main advantages to this approach. First, signing up for an account with Google allows access to its wide portfolio of services. Second, Google’s domains are unlikely to be blacklisted. Third, they are free to sign up. And fourth, it may be hard to keep track of them as millions of users worldwide are using various Google services on a regular basis. According to Websense, these accounts could be used by spammers at any time for abusing Google’s infrastructure. A wide range of attacks could be possible as the same account credentials can be used to target various services offered by Google.
A detailed analysis report is provided showing the entire process of the CAPTCHA breaking hosts. Read more about the analysis report here.

Tuesday, February 12, 2008
According to the Washington Post, new research from Damballa suggests that the Storm worm has its roots in "Bobax worm," a computer worm that first surfaced as early as 2004. Bobax spread by exploiting various vulnerabilities in the Microsoft Windows operating system, and turned infected machines into spam-spewing zombies. Damballa researcher Chris Davis asserts that the Storm worm actually first surfaced in late 2006 as seen on this SANS Internet Storm Center alert on 29 December 2006. On 19 January, F-Secure reported receiving a flood of spam advertising new versions of Storm. Researchers soon discovered that all infected systems were controlled using the eDonkey peer-to-peer (P2P) file communications protocol, the same technology and networks used by millions of people to share movies and music online. Paul Royal, Damballa's principal researcher, said "they basically took Bobax and made all of them become Storm victims, and then started the propagation of Storm through that method. So Storm used a big botnet to bootstrap itself, and it was the vehicle by which Storm became very popular very quickly." Damballa estimates that roughly 17,000 systems remain infected with Bobax.
Read the full article on the Washington Post.

Thursday, February 07, 2008
With the rise of initiatives such as the One Laptop Per Child (OLPC) and Classmate, security experts warn that this development could mean an explosion in botnets in the developing world. However, Ivan Krstic, OLPC's director of security hardware, points to the choice of Linux as the operating system for the computers, emphasizing that for an attack to gain overall control it would have to be written to the system kernel, and that those vulnerabilities are patched very quickly, making it difficult to get the machines to run bots. There is, however, an option to run Windows XP on the machine, in which case all the usual Windows security concerns apply.
"The bigger problem in the long term may be the developing world's choice of operating system. 'Most of the machines we are shipping have Windows on them. That's the operating system most countries want,' says Intel. It adds that teachers will receive training from Intel to monitor the network and will be able to see if changes have been made to the machines: 'Some schools using the computers will have a teacher who is responsible for security on their networks, others will have an IT person.' As a last resort the Classmate, like the OLPC XO, can be wiped clean and restored to its factory settings. But while Windows has its problems, Linux may not offer much better protection, says Guillaume Lovet, a botnet expert for Fortinet. 'The first botnets were Stacheldraht, Trinoo and TFN, and were built in Linux,' says Lovet. He also dismisses claims that the low bandwidth and internet use in parts of the developing world - the World Economic Forum's 2007 Africa Competitiveness Report estimated that African internet use was just 3.4% of the world total - would act as a brake on the development of botnets. 'It doesn't take any bandwidth to control or make a botnet,' Lovet says. 'Aggregated bandwidth is what is important, and that would still be massive. You could still build a huge cyber-weapon with only a thousand of these machines.'"
Intel and OLPC point out that the laptops will often only have intermittent connectivity which could lower the risk of getting infected. This could lower the chances of getting security upgrades as well though. Rolf Roessing, a security expert for KPMG, notes "if we are to bring IT to Africa then it will not work unless we bring security with it. Computer security in the west grew because of a loss of innocence and there are still weaknesses in the developed world because of a lack of awareness. If you bring IT to developing countries then you have to develop awareness, too."
Read the full article on The Guardian.

Thursday, January 31, 2008
Nnamdi Chizuba Anisiobi, age 31, of Nigeria; Anthony Friday Ehis, age 34, of Senegal; and Kesandu Egwuonwu, age 35, of Nigeria have pleaded guilty to charges related to spam e-mail that promised U.S. victims millions of dollars from an estate and a lottery, the U.S. Department of Justice announced Wednesday. The three were arrested in Amsterdam on Feb. 21, 2006. One of the case scenarios was an e-mail sent by the defendants to thousands of potential victims purporting to be from an individual suffering from terminal throat cancer who needed assistance distributing approximately US$55 million to charity. According to the DOJ, the fraud victims lost $1.2 million by giving the defendants advance fees. "Anisiobi pled guilty to one count of conspiracy, eight counts of wire fraud and one count of mail fraud. Ehis pled guilty to one count of conspiracy and five counts of wire fraud. Egwuonwu pled guilty to one count of conspiracy, three counts of wire fraud and one count of mail fraud. The maximum penalty for mail and wire fraud is 20 years in prison. The conspiracy charge carries a maximum penalty of five years in prison." A fourth defendant, Lenn Nwokeafor, was also reported to have fled to Nigeria. He was subsequently arrested by the Nigerian Economic & Financial Crimes Commission on July 27, 2006, and is now being held by the Nigerian authorities pending extradition to the U.S.
Read the full article on The New York Times.

Monday, January 28, 2008
Net-Security.org recently interviewed Nitesh Dhanjani and Billy Rios, well-known security researchers who have recently managed to infiltrate the phishing underground. The interview gives readers a rundown on how Dhanjani and Rios saw an extraordinary amount of sensitive customer account information, obtained the latest phishing kits, located and examined the tools used by phishers, trolled sites buying and selling identities, and even social engineered a few scammers. In the interview they also expose the tactics and tools that phishers use, illustrate what happens when your confidential information gets stolen, and discuss how phishers communicate and how they phish each other.
Read the full interview here.
According to security experts at Sophos, 6,000 new infected webpages are discovered every day, 83 per cent of which belong to innocent companies and individuals that are unaware of their sites being compromised. Sophos further reports that the well-known iFrame vulnerability in Internet Explorer remained the preferred vector for malware attacks throughout last year with China (51.4 per cent) and the US (23.4 per cent) leading in the net security firm's list of malware-hosting countries. According to PandaLabs, "around half a million computers are infected by bots every day... [and] approximately 11 percent of computers worldwide have become a part of criminal botnets, which are responsible for 85 percent of all spam sent."
Read the full article on The Register.
Read relevant article on Slashdot.

Thursday, January 24, 2008
E360 Insight, LLC filed a complaint against Comcast Corporation on 15 January 2008 accusing the latter of unfairly blocking e360’s e-mail from reaching subscribers. According to e360, in one typical instance, e360 received an error message stating that its e-mail was blocked from reaching subscribers because Comcast’s filters determined that e-mail from e360’s servers had been "sent in patterns which are characteristic of spam." According to Direct magazine's report, "the complaint claims that Comcast’s alleged interference with e360’s business relationships cost the firm $4.5 million a year from 2005 through 2007. The complaint also accuses Comcast of sending e360 bogus bounce information, causing the marketer to remove e-mail addresses from its file that were still active. The suit claims the false bounce information cost it almost $2.5 million." E360 asks for more than $12 million in compensatory damages and $9 million in punitive damages from the accused.
Read the full complaint here.

Tuesday, January 22, 2008
The past week marks the one-year anniversary of the emergence of the spam-enabling Storm worm, a tenacious strain of malicious software that probably speaks more about the future of online crime than almost any other malware family circulating online today. A chronological account from security firm Trend Micro visually sums up Storm's evolution. Dmitri Alperovitch, director of Secure Computing, said federal law enforcement officials who need to know have already learned the identities of those responsible for running the Storm worm network, but that U.S. authorities have thus far been prevented from bringing those responsible to justice due to a lack of cooperation from officials in St. Petersburg, Russia, where the Storm worm authors are thought to reside.
Alperovitch believes the majority of Storm worm victims are Microsoft Windows users who for whatever reason have ignored the best advice of security professionals by not running anti-virus software and/or regularly applying software security updates. Indeed, the infection statistics seem to support that analysis. According to Vincent Gullotto, head of Microsoft's security research and response team, Microsoft's "malicious software removal tool" -- shipped as part of its monthly patch updates -- has removed an average of 200,000 versions of the Storm worm from Windows systems each month since November, when the software giant first started shipping removal routines for Storm.
According to Trend, nearly 12,000 pieces of Storm-connected malware were unleashed online over the past year (this includes the Trojan that drops the payload, the Storm worm itself, as well as regular -- sometimes hourly -- updates pushed out to infected machines to stay a step ahead of any anti-virus software installed on the host system). As big as Storm got this past year, Symantec's numbers help put things in a bit more perspective. Storm-related malware made up slightly more than one-quarter of one percent of all potential malicious code infections in 2007, Symantec said.
Read the full article on the Washington Post.

Romanian artist Alex Dragulescu, a research assistant at the Massachusetts Institute of Technology's Sociable Media Group, puts a face to threats such as Storm and Netsky. "Dragulescu created his so-called 'threat art' in conjunction with live malware intercepted by e-mail security firm MessageLabs. Each is disassembled into a dump of binary code and then run through a program Dragulescu wrote. That program spends a few hours crunching through all the data, looking for patterns in the code that will determine the shape, color and complexity of each piece of threat art."
According to the Washington Post's article, the configuration of these created organisms is driven largely by the botnets' actions. Dragulescu explains that if there is a repeated attempt to write to a system memory address, a particular Windows API call that tries to write to a file or [blast out e-mail], for instance, the program tracks that and looks for the prevalence, number and behavior of those occurrences.
Dragulescu's other threat art includes his "spam architecture" and his "spam plants," the latter of which take their form from rules that look at the ASCII values (computer code that represents the English alphabet) of each spam sample.
For more of Dragulescu's images, check out his Web site and the MessageLabs threat art page.
Read the full article on the Washington Post.

Tuesday, January 15, 2008
The Storm Worm botnet, using its huge collection of infected computers, is now sending out phishing emails directing people to fake banking sites that it also hosts on the computers it remotely controls, according to F-Secure and Trend Micro. Storm had apparently never been involved in phishing up to this point; the new campaign may indicate, according to F-Secure, that Storm's controllers have figured out how to divide the massive army into clusters, which they are now renting out to others. F-Secure and Trend Micro both reported that the phishing scam was using a technique known as fast-flux DNS to keep the phishing site alive. Fast-flux works by constantly changing the IP address in the internet's phone book system (known as DNS) and having multiple computers in the botnet host the phishing site. This makes it very difficult to blacklist an IP address, and since the site isn't being hosted by a company that researchers could contact to take down the site, the site lives longer.
According to Paul Ferguson, an advanced threat researcher for security giant Trend Micro, the spam emails were sent from a different segment of the botnet than the one hosting the phishing sites. The site used for phishing was just registered on Monday. Anti-phishing filters, such as the ones bundled into Opera, Firefox and IE7, have gotten pretty good at quickly adding sites to their blocked list; however, "the issue becomes how do you work to take it down and find the perpetrators," said Ferguson.
Read Ferguson's article on this incident on Trend Micro's Malware Blog.
Read the full article on Wired Blog Network.
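The fast-flux behaviour described above (one name, many short-lived addresses spread across unrelated networks) can be scored from DNS answers a resolver or sensor has already logged. This added example is not from F-Secure, Trend Micro or the original post; the observations, the /16 grouping used as a stand-in for network ownership, and the three thresholds are assumptions.

```python
"""Fast-flux heuristic over passive-DNS style A-record observations (added example)."""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_network
from statistics import median

# Constructed observations: (unix time, queried name, A record, TTL in seconds).
# Names use the reserved .example label; addresses are placeholder ranges.
OBSERVATIONS = [
    # Same name answered by a different host every few minutes, short TTL.
    (1200400000, "secure-login.bank.example", "10.11.4.20", 180),
    (1200400300, "secure-login.bank.example", "10.27.9.3", 180),
    (1200400600, "secure-login.bank.example", "10.42.77.1", 180),
    (1200400900, "secure-login.bank.example", "10.58.3.9", 180),
    (1200401200, "secure-login.bank.example", "10.93.12.40", 180),
    (1200401500, "secure-login.bank.example", "10.120.5.5", 180),
    (1200401800, "secure-login.bank.example", "10.11.200.8", 180),
    (1200402100, "secure-login.bank.example", "10.201.6.77", 180),
    # Load-balanced service: many addresses and a short TTL, but one network.
    (1200400000, "static.cdn.example", "172.16.1.10", 60),
    (1200400300, "static.cdn.example", "172.16.1.11", 60),
    (1200400600, "static.cdn.example", "172.16.2.10", 60),
    (1200400900, "static.cdn.example", "172.16.2.11", 60),
    (1200401200, "static.cdn.example", "172.16.3.10", 60),
    (1200401500, "static.cdn.example", "172.16.3.11", 60),
    # Ordinary site: two addresses, long TTL.
    (1200400000, "www.corp.example", "192.0.2.10", 3600),
    (1200400900, "www.corp.example", "192.0.2.10", 3600),
    (1200401800, "www.corp.example", "192.0.2.11", 3600),
    (1200402700, "www.corp.example", "192.0.2.10", 3600),
]

# Illustrative thresholds (assumptions, tune against your own resolver data).
MIN_DISTINCT_IPS = 5
MIN_DISTINCT_NETS = 4
MAX_MEDIAN_TTL = 300


@dataclass
class FluxStats:
    name: str
    distinct_ips: int
    distinct_nets: int   # distinct /16 prefixes, a rough proxy for distinct operators
    median_ttl: float
    window_seconds: int


def summarize(observations):
    """Group observations by queried name and compute per-name statistics."""
    by_name = defaultdict(list)
    for ts, name, ip, ttl in observations:
        by_name[name.lower().rstrip(".")].append((ts, ip, ttl))

    stats = {}
    for name, rows in by_name.items():
        ips = {ip for _, ip, _ in rows}
        nets = {ip_network(f"{ip}/16", strict=False) for ip in ips}
        times = [ts for ts, _, _ in rows]
        stats[name] = FluxStats(
            name=name,
            distinct_ips=len(ips),
            distinct_nets=len(nets),
            median_ttl=median(ttl for _, _, ttl in rows),
            window_seconds=max(times) - min(times),
        )
    return stats


def is_fast_flux(s):
    """All three signals must agree; address count or TTL alone also matches CDNs."""
    return (
        s.distinct_ips >= MIN_DISTINCT_IPS
        and s.distinct_nets >= MIN_DISTINCT_NETS
        and s.median_ttl <= MAX_MEDIAN_TTL
    )


def flag_fast_flux(observations):
    """Return the names whose answers look like fast-flux hosting, sorted."""
    return sorted(n for n, s in summarize(observations).items() if is_fast_flux(s))


if __name__ == "__main__":
    for name in flag_fast_flux(OBSERVATIONS):
        print(name, summarize(OBSERVATIONS)[name])
```

The load-balanced name is the case to watch: it passes the address-count and TTL checks and is excluded only because its answers stay inside one network.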
The Pushdo trojan, a fairly new and prolific threat being circulated in fake "E-card" emails, is classified as a more sophisticated "downloader" trojan due to its control server. According to the analysis of Secureworks, when executed, Pushdo reports back to one of several control server IP addresses embedded in its code. The server listens on TCP port 80, and pretends to be an Apache webserver. Any request that doesn't have the correct URL format will be answered with the following content:
The Bender Bending Rodriguez text is simply misdirection to mask the true nature of the server - if the HTTP request contains the following parameters, one or more executables will be delivered via HTTP:
The Pushdo controller is preloaded with multiple executable files - the one we looked at contained 421 different malware samples ready to be delivered. The Pushdo controller also uses the GeoIP geolocation database in conjunction with whitelists and blacklists of country codes. This
enables the Pushdo author to limit distribution of any one of the malware loads from infecting users located in a particular country, or provides the ability to target a specfic country or countries with a specific payload.
Pushdo's detection of the physical hard drive serial number as a identifier not only provides a unique ID for the infected system,
but can also reveal information such as whether the code is running in a virtual machine or not. This could be a way for the malware author to spy on anti-virus companies using automated tools to monitor the malware download points.
Another anti-anti-malware function of Pushdo is that it looks at the names of all running processes and compares them to a list of anti-virus and personal firewall process names. Instead of killing off these processes, however, Pushdo merely reports back to the controller which ones are running, by appending "proc=" and a list of the matching process names to the HTTP request parameters. This enables the authors to determine which anti-virus engines or firewalls are preventing the malware from running or phoning home, by their absence from the statistics. This way the Pushdo author doesn't have to maintain a test environment for each AV/firewall product.
Recently, an e-card email containing a newer variant of Pushdo was received. Apparently taking notice that the Bleeding Snort project had published a signature (sid 2006377) to detect the Pushdo request variables in transit, the author has now changed the request to be less fingerprintable. An example of the new request format is:
GET /40e800142020202057202d4443574d414c393635393438366c0000003c66000000007600000002 HTTP/1.0
Apparently, the author of Pushdo is intent on evading detection for as long as possible, in order to have the maximum amount of time to seed Cutwail spambots into the wild. Although it is unclear just how large the Cutwail botnet has become, the ambition of the project rivals that of other more well-known spam botnets, such as Storm.
Read the complete analysis on Pushdo here.
Read the blog entry detailing the trouble Sophos are having with the Pushdo trojan.
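The new request format described above can still be triaged by decoding the path instead of matching parameter names. The following Python code is an added example, not code from the analysis summarised here or from this blog: it flags request lines whose path is a single hex string containing, once decoded, a 20-byte printable window, and reads that window as a byte-pair-swapped ATA identify string. All log lines except the request quoted in the post are constructed, and treating the window as the hard drive serial number is this example's assumption; the page does not document the field layout.

```python
import re

# Sample input for this example. Only the second line is the request quoted in
# the post; every other line is constructed.
SAMPLE_REQUESTS = [
    "GET /index.html HTTP/1.1",
    "GET /40e800142020202057202d4443574d414c393635393438366c0000003c66000000007600000002 HTTP/1.0",
    "GET /static/js/app.4f9a2c1b.js HTTP/1.1",
    # Hash-like asset path (constructed): all hex, but no long printable run.
    "GET /e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP/1.1",
    "POST /40e800 HTTP/1.0",
]

REQUEST_LINE = re.compile(r"^(?P<method>[A-Z]+) (?P<target>\S+) HTTP/\d\.\d$")
# The whole path is one segment made of hex byte pairs, with no query string.
HEX_ONLY_PATH = re.compile(r"^/(?P<hex>(?:[0-9A-Fa-f]{2})+)$")
# ATA IDENTIFY stores the serial number as 20 ASCII bytes, space padded, with
# the two bytes of each 16-bit word swapped.
ATA_SERIAL_LEN = 20
PRINTABLE_WINDOW = re.compile(rb"[\x20-\x7e]{%d}" % ATA_SERIAL_LEN)


def candidate_drive_serial(blob):
    """Return (offset, text) for the first 20-byte printable window, or None.

    Heuristic and assumption of this example: the window is read as an ATA
    string, so adjacent bytes are swapped back before decoding.
    """
    match = PRINTABLE_WINDOW.search(blob)
    if match is None:
        return None
    field = match.group(0)
    swapped = bytes(field[i ^ 1] for i in range(len(field)))
    return match.start(), swapped.decode("ascii").strip()


def triage_request(line):
    """Return a finding for a hex-blob check-in request, or None if benign-looking."""
    request = REQUEST_LINE.match(line.strip())
    if request is None:
        return None
    path = HEX_ONLY_PATH.match(request.group("target"))
    if path is None:
        return None
    blob = bytes.fromhex(path.group("hex"))
    serial = candidate_drive_serial(blob)
    if serial is None:
        # Random-looking hex (hashes, cache keys) almost never holds 20
        # consecutive printable bytes, so these paths are not flagged.
        return None
    offset, text = serial
    return {
        "method": request.group("method"),
        "blob_len": len(blob),
        "window_offset": offset,
        "serial_guess": text,
    }


def scan(lines):
    """Run triage over many request lines and keep only the findings."""
    findings = []
    for line in lines:
        finding = triage_request(line)
        if finding is not None:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_REQUESTS):
        print(finding)
```

Because the check keys on the decoded content rather than on parameter names, hash-style asset URLs of similar length pass through unflagged.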

Wednesday, December 19, 2007
The OPTA Commission has imposed a fine of 1 million Euros on three Dutch enterprises, operating under the company name DollarRevenue, and their two directors, due to their unlawful installation of software on more than 22 million computers belonging to Internet users in the Netherlands and elsewhere. They primarily used misleading files, making Internet users believe that they were about to download apparently innocent files, whereas they actually contained DollarRevenue software. "They also used botnets, thereby installing files without user intervention. Each day 60,000 installations occurred on average. A total of more than 450 million program files were illegally placed on 22 million computers." With the enterprises and their directors having deliberately contravened provisions of the Universal Service and End Users Decree [Besluit universele dienstverlening en eindgebruikers], based on the Telecommunications Act [Telecommunicatiewet] and designed to promote safe Internet usage and to protect the privacy of Internet users, fines totalling 1 million Euros were imposed.
Read the full article on the OPTA website.

Wednesday, November 28, 2007
ENISA recently launched its latest Position Paper, "Botnets - The Silent Threat", a 12-page paper identifying roles and structures of criminal organizations for creating and controlling botnets, and trends in this type of cyber crime as well as online tools to identify and counter malicious code. ENISA points out that browser exploits account for more than 60% of all infections, email attachments for 13%, operating system exploits for 11%, and downloaded Internet files for 9%. It also emphasizes that the main problem is uninformed users. ENISA, thus, calls for "a more coordinated, cross country cooperation among multi-national law enforcement agencies, Internet Service Providers (ISPs) and software vendors" to combat botnets, and further adds that education of the everyday user is a key measure.
For further information, read ENISA's press release or access the full ENISA Position Paper.

Tuesday, November 27, 2007
USA Today reports on the current spam statistics, and reiterates how spam continues to exponentially increase despite anti-spam software, filters and legislation. According to market researcher IDC, "the total number of spam e-mail messages sent worldwide, 10.8 trillion, will surpass the number of person-to-person e-mails sent, 10.5 trillion." Spam sent is also said to have reached 60 billion to 150 billion messages a day. As for phishing, the Anti-Phishing Working Group said new phishing sites soared to 30,999 as of July 2007, from 14,191 in July 2006. MessageLabs adds that one in 87 e-mails is tagged as phishing scams now, compared with one in 500 a year ago.
The fight against spam has nonetheless expanded and grown too. Built-in spam defenses of Google's Gmail, social-networking sites such as Facebook and MySpace which enable users to control who has access to their personal profile, to exchange e-mail with friends, family and business associates, and phishing filters provided by Microsoft on its Internet Explorer browser are some of the common filters made available to users. In the same effort to stop spam, Yahoo, eBay and PayPal recently announced their use of DomainKeys, an e-mail-authentication technology. Other anti-spam technologies include CertifiedEmail from Goodmail Systems, a new breed of e-mail services, and Boxbe. "The multilayered-defense approach has worked to stop such scourges as image spam, which varied the content of individual messages — through colors, backgrounds, picture sizes or font types — to slip through spam filters. Image spam made up half of all spam in January. Since software makers came up with a solution, image spam has dropped to 8% of all spam, Symantec says."
Read the full article here.

Wednesday, November 14, 2007

Tuesday, November 13, 2007
John Kenneth Schiefer, a 26-year-old computer security consultant from Los Angeles, has admitted to hacking into computers entrusted to him to create a botnet of as many as 250,000 PCs, which he used to steal money from and identities of unsuspecting consumers and corporations. "Schiefer agreed to plead guilty to four felony charges in connection with the case and faces up to 60 years in prison and a $1.75-million fine, according to court documents filed Friday in federal court in Los Angeles." According to Assistant U.S. Atty. Mark Krause in Los Angeles, Schiefer is the first person to be accused under federal wiretapping law of operating a botnet.
Schiefer stole user names and passwords for EBay Inc.'s PayPal online payment service to make unauthorized purchases and passed the stolen account information on to others. According to the plea agreement, a conspirator named "Adam" who is allegedly a minor was involved in Schiefer's scam. Schiefer and his accomplices were reported to have used illicit software which they planted on people's PCs to spirit account information from a storage area in Windows-based computers. A Dutch Internet advertising company also hired his services to install its programs on people's computers when they consented, but he installed it on more than 150,000 PCs without permission, earning more than $19,000 in commissions.
The federal investigation began in 2005, and the indictment includes "four counts of accessing protected computers to commit fraud, disclosing illegally intercepted electronic communications, wire fraud and bank fraud." Schiefer's initial appearance in Los Angeles will be on Nov. 28 and his arraignment on Dec. 3. There was a similar case in May 2006 involving a Downey man, Jeanson James Ancheta, who was sentenced to almost five years in federal prison after pleading guilty to four felony charges for using botnets to spread spyware and send spam.
To read the full article, visit the Los Angeles Times.
Related article also available here.

Monday, November 12, 2007
Microsoft releases the Asia Pacific Legislative Analysis: Current and Pending Online Safety and Cybercrime Laws, a study providing a high-level snapshot of the status of computer security, privacy, spam and online child safety legislation in the Asia Pacific region. Detailed analyses of these laws specific to Australia, China, Hong Kong, India, Indonesia, Japan, Malaysia, New Zealand, The Philippines, Singapore, South Korea, Taiwan, Thailand and Vietnam are also provided in this paper. For more information regarding this document, contact Julie Inman Grant, Regional Director, Corporate Affairs of Internet Safety and Security at Microsoft Asia Pacific. More Cybersecurity Legislation and Enforcement related resources are available at the CYB website.

Thursday, November 08, 2007
Email Submission Operations: Access and Accountability Requirements by Carl Hutzler, Dave Crocker, Pete Resnick, Eric Allman, and Tony Finch has recently been released as Best Current Practice (BCP) 134. This document provides recommendations for constructive operational policies between independent operators of email submission and transmission services to mitigate the propagation of spam and worms. Its goal is to improve lines of accountability for controlling abusive uses of the Internet mail service. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements. For more information, click here.

Tuesday, October 30, 2007
A bogus email is circulating claiming to be from the Federal Trade Commission and referencing a "complaint" filed with the FTC against the email’s recipient. The email includes links and an attachment that download a virus. As with any suspicious email, the FTC warns recipients not to click on links within the email and not to open any attachments. This malicious email appears to have a phony sender’s address, "frauddep@ftc.gov" and also spoofs the return-path and reply-to fields to hide the email’s true origin. While the email includes the FTC seal, it has grammatical errors, misspellings, and incorrect syntax. Recipients should forward the email to spam@uce.gov and then delete it. Emails sent to that address are kept in the FTC’s spam database to assist with investigations.
More information on this spam report at the Federal Trade Commission website.

Monday, October 22, 2007
Brandon Enright, a network security analyst at University of California, San Diego, recently presented his findings at the Toorcon hacker conference in San Diego indicating the steady shrinking of the Storm Worm Botnet. According to Enright, it is now about 10 percent of its former size. Enright has been tracking Storm since July. "He has developed software that crawls through the Storm network and he thinks that he has a pretty accurate estimate of how big Storm really is. Some estimates have put Storm at 50 million computers, a number that would give its controllers access to more processing power than the world's most powerful supercomputer." Enright asserts that the numbers are far less terrifying, though, saying that in July Storm appeared to have infected about 1.5 million PCs, 200,000 of which were accessible at any given time. He said that "a total of about 15 million PCs have been infected by Storm in the nine months it has been around, although the vast majority of those have been cleaned up and are no longer part of the Storm network."
According to Enright, the Storm Worm botnet started to dwindle in July when antivirus vendors began stepping up their tracking of Storm variants and got a lot better at identifying and cleaning up infected computers. After Microsoft added Storm detection (Microsoft's name for Storm's components is Win32/Nuwar) to its Malicious Software Removal tool available with every Windows system, which was released on September 11, Storm infections dropped by another 20 percent overnight. Enright's most recent data counts 20,000 infected PCs available at any one time, out of a total network of about 160,000 computers.
To read the full article, click here.
After Japan's Internal Affairs and Communications Ministry signed a joint statement with the German Federal Economics and Technology Ministry in July, Japan continues to exert concerted effort to tackle the issue of spam. "The ministry has regularly exchanged opinions on the issue at multilateral meetings, such as those of the International Telecommunication Union and the Asia-Pacific Economic Cooperation Conference... France and other countries, with which Japan has established a close partnership on the issue, have gone a step ahead of Japan by introducing an "opt-in" system, under which people are not permitted to send ad e-mails without the prior consent of the people to whom they intend to send them." Opinions concerning fines and punishment for spammers appear to be quite divided among countries, though, with some countries charging heavier fines than others.
Read the full article here.
An article on CIO, Who's Stealing Your Passwords? Global Hackers Create a New Online Crime Economy, provides a detailed account of Don Jackson's discovery of Gozi, 76service.com and the new online crime economy. It also illustrates the evolution of online crime from trojans to sophisticated networks selling bot services. Don Jackson is a security researcher for SecureWorks, one of dozens of boutique security firms that have emerged to deal with Internet security. From an executable file, Gozi, that Jackson discovered on a friend's computer, he was led to this professionally-run business-like network, later identified as 76service.com, where he uncovered a "3.3 GB file containing more than 10,000 online credentials taken from 5,200 machines—a stash he estimated could fetch $2 million on the black market." It was also mentioned that "Lance James’ company Secure Science discovers 3 million compromised login credentials—for banks, for online email accounts, anything requiring a username and password on the Internet—and intercepts 250,000 stolen credit cards. On an average week, Secure Science monitors 30-40GB of freshly stolen data, 'and that’s just our company,' says James."
Read the full account of Don Jackson on the CIO website.

Thursday, October 18, 2007
A paper on the wealth of Internet miscreants, "An Inquiry into the Nature and Causes of the Wealth of Internet Miscreants," is available online on the ICSI Center for Internet Research website. The paper discusses "an active underground economy which specializes in the commoditization of activities such as credit card fraud, identity theft, spamming, phishing, online credential theft, and the sale of compromised hosts. Using a seven month trace of logs collected from an active underground market operating on public Internet chat networks, [the researchers] measure how the shift from “hacking for fun” to “hacking for profit” has given birth to a societal substrate mature enough to steal wealth into the millions of dollars in less than one year."
To access the paper, click here.

Monday, October 15, 2007
The Washington Post recently reported on the Russian Business Network, an Internet business based in St. Petersburg which has become a world hub for Web sites devoted to child pornography, spamming and identity theft. Cybercrime groups including those responsible for about half of last year's incidents of phishing are said to be operating from the company's computer network system.
"The company 'is literally a shelter for all illegal activities, be it child pornography, online scams, piracy or other illicit operations,' Symantec analysts wrote in a report. 'It is alleged that this organized cyber crime syndicate has strong links with the Russian criminal underground as well as the government, probably accomplished by bribing officials...' But Alexander Gostev, an analyst with Kaspersky Lab, a Russian antivirus and computer security firm, said the Russian Business Network has structured itself in ways that make prosecution difficult. 'They make money on the services they provide,' he said -- the illegal activities are all carried out by groups that buy hosting services... In addition, Gostev said, criminals using the Russian Business Network tend to target non-Russian companies and consumers rather than Russians, who might contact local authorities. 'In order to start an investigation, there should be a complaint from a victim. If your computer was infected, you should go to the police and write a complaint and then they can launch an investigation,' Gostev said. Now, he added, his company and the police both have information, but no victim has filed a complaint."
Read the full article here.

Friday, October 12, 2007
A MAAWG document was recently released entitled "MAAWG Best Practices for the Use of a Walled Garden." This white paper discusses the criteria for exit and entry, remediation and subscriber education regarding walled gardens. The primary goal of these practices is to help end-users become aware of and remove unwanted programs or malware residing on their personal computers and to stop the network from being used for abusive purposes. To access the white paper, click here. More information on MAAWG activities here.

Friday, October 05, 2007

Thursday, October 04, 2007
According to an article by Sharon Gaudin on InformationWeek, cybercriminals are splitting up their giant botnets, which have been diligently built up in the recent months, into smaller pieces to make them more agile, more easily hidden from detection, and easier to manage.
Iftach Amit, director of security research at security company Finjan, tells InformationWeek that "smaller botnets get the job done, but smaller botnets generate a lot less traffic. That makes them harder to detect because they make much less noise. They fly under the radar when you're looking for anomalies in behavior." He adds that many botnets are operated from a single command center. If security researchers or law enforcement find that command center, the botnet is effectively shut down. However, if the hacker splits the botnet up into several smaller botnets, each with its own command center, then if one goes down, the others remain operational.
No news yet appears to link the Storm worm botnet to this trend. It was noted, however, that the Storm worm botnet is not controlled by one command center, which has made it difficult for researchers to shut it down.
Read the full article here.

Wednesday, October 03, 2007
HKDNR, together with the Office of Telecommunications Authority (OFTA), HK Police Force, Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) and other agencies, dedicates much effort to implementing all possible measures to strike at .hk domain names that are related to phishing or spamming sites.
"HKDNR is kept updated daily on a spamvertised domain list so that more comprehensive monitoring can be maintained and immediate action can be carried out against these domains. Any domains that are verified as phishing / spamming will be suspended immediately. According to the information published in mid June in AbuseButler on the top 800 spamvertised domains worldwide over the previous 4 weeks, the number of reports on .hk spamvertised domains accounted for 2.3 % of the total reports received. In early August, the number of reports on .hk spamvertised domains dropped to 0.3 % of the total reports received."
Read the full article at the HKIRC Newsletter (September 2007).

Monday, October 01, 2007
The Anti-Malware Engineering Team, the team that builds the core antivirus, antispyware, anti-rootkit, and related technology used across a number of Microsoft products and technologies, posted on their blog recent "Storm" worm statistics based on the latest release of the Malicious Software Removal Tool (MSRT) developed and updated by Microsoft’s Malware Protection Center (MMPC). According to the Anti-Malware Engineering Team, as of 2PM on Tuesday, PDT, 18 September 2007, "the Renos family of malware has been removed from 668,362 distinct machines. The Zlob family has been removed from 664,258 machines. And the Nuwar family has been removed from 274,372 machines. In total, malware has been removed by this month’s MSRT from 2,574,586 machines." It has also been reported that another anti-malware researcher who has been tracking these recent attacks presented data that shows that the team knocked out approximately one-fifth of "Storm's" Denial of Service (DoS) capability on 11 September. No continued decrease was evident after the first day, though, presumably because of a newer version of the software that the criminals behind the deployment of the "Storm" botnet apparently released immediately.
Read the full article here.

Tuesday, September 25, 2007
Sophos recently reported on the hefty jail sentences that the pump-and-dump stock spam gang faces today. 47-year-old Michael Saquella (also known as Michael Paloma), 63-year-old Lawrence Kaplan, 38-year-old Henry Zemla and 26-year-old Justin Medlin have all pleaded guilty to being part of an international gang that spammed out fraudulent news stories to create artificial demand in stocks, pumping up the share price of 15 small companies (Beverly Hills Film Studios; Body Scan; Cor Equity Holdings; Courtside Products; eDollars; IFINIX; Integrity Messenger; Latin Heat Entertainment; Motion DNA; PokerBook Gaming; TKO Holding; Trans-Global Holdings; V3 Global; Xtreme Technologies; and Zuma Beach Entertainment) and raising more than $20 million from investors. The four men are now facing between 5 and 10 years in prison.
"Pump and dump stock campaigns work by spammers purchasing stock at a cheap price and then artificially inflating its price by encouraging others to purchase more (often by spamming "good news" about the company to others). The spammers then sell off their stock at a profit. Sophos experts report that pump-and-dump stock campaigns account for approximately 25 percent of all spam, up from 0.8 percent in January 2005. Earlier this year, Sophos reported how the US Securities and Exchange Commission (SEC) had suspended trading in 35 companies as they were found to be commonly referenced in pump-and-dump stock email campaigns."
Read the full article here.

Monday, September 24, 2007

Tuesday, September 18, 2007

Thursday, September 13, 2007

Wednesday, September 12, 2007
An article in The Economist discusses RBN (Russian Business Company), the threats it poses to global cybersecurity, and the lack of cooperation from the Russian government. VeriSign classifies RBN as "the baddest of the bad". The anonymity of the group and its senior figures, who are only known through their nicknames, and the apparent backing of politicians have led to the continuing success of its operations. "'RBN is a for-hire service catering to large-scale criminal operations,' says the report. It hosts cybercriminals, ranging from spammers to phishers, bot-herders and all manner of other fraudsters and wrongdoers from the venal to the vicious. Just one big scam, called Rock Phish (where gullible internet users were tricked into entering personal financial information such as bank account details) made $150m last year, VeriSign estimates." Another difficulty RBN poses is its ability to fight back. This had been evident in the Rock Phish attack on the National Bank of Australia in October 2006. After the bank took active measures against the attack, RBN fought back by taking down the bank's home page for three days.
Despite VeriSign having tracked down the physical location of RBN's servers and the Western law enforcement officers' pressure on their Russian counterparts to pursue the investigation vigorously, RBN remains confident and active. According to VeriSign, "only strong political pressure on Russia will make the criminal justice system there deal with this glaring example of cyber-illegality."
To read the full article, go to The Economist.

Tuesday, September 11, 2007
Dancho Danchev’s blog has a post on the aggressiveness of the Storm Worm botnet:
“Stage one - infect as many end users with high speed Internet access as possible through the use of client side vulnerabilities. Stage two - ensure the longest possible lifecycle for the malware campaign by having the newly released binaries hosted at the infected PCs themselves. Stage three - take advantage of fast-flux networks to make it harder to shut down the entire botnet. And stage four - strike back at any security researcher or vendor playing around with Storm Worm's fast-flux network or somehow messing up with the malicious economies of scale on a worldwide basis. On Friday I received an email from Susan Williams at aa419.org, and as it looks like several other anti-fraud sites are getting DDoS-ed too :
"On September 2 2007, online scammers began an automated DDoS attack against aa419.org, with the goal of shutting down the anti-fraud site. For some time, aa419 was able to filter the worldwide botnet's attacks by monitoring connections and only allowing legitimate visitors to access the site. However, by September 5 the hoster was being overwhelmed with nearly 400 GB of incoming requests every hour. Rather than let their infrastructure melt under the onslaught, the server is currently offline. This massive distributed denial of service (DDoS) attack was inspired by aa419.org's mission to blacklist and shut down scam web sites. Since 2004, the all-volunteer organization has recorded more than 18,000 such sites. In addition to publicly warning potential victims of fraud, they work with hosters and registrars to take scam web sites offline quickly, with a success rate of over 97% shut down. Susan Williams, press officer for aa419.org, said, "On the whole, we're positive about this. Not that we enjoy being offline; quite the opposite. But being attacked with a botnet of this magnitude tells us that we are doing serious damage to the organized crime networks that run these scams." Internet crime is increasing at record rates, and aa419.org is at the forefront of the fight against it. "We will continue our work regardless of how many criminals are annoyed by it," Williams said."
Castlecops comments on the DDoS taking place at the site too:
"This newest ddos round started about a week ago and knocked us offline for a couple hours while we figured out what was going on. And we're still under attack, so if the site is a bit slower, you know why. Odd month really, lots of sites, lots of sites, are under ddos. We've got over 10k bots attacking us with more being added daily.""
Spamnation reports that the popular scambaiting site 419Eater and the anti-scam site Scamwarners are the latest anti-spam sites to fall victim to a distributed denial of service (DDoS) attack. Artists against 419 was also hit recently as well as another useful anti-scam site, CastleCops, along with other sites hosting antispam forums.
Spamnation asserts that the Zhelatin (Storm Worm) gang is responsible for a number of other DDoS attacks this year, including an attack against anti-spam sites and download sites operated by a rival spam gang. Zhelatin are known to have spare capacity at the moment. There have been reports that they have built up a botnet containing more than a million computers, not all of which are currently being used for stock and pill spam.
For spam gangs like Zhelatin, a DDoS attack appears to be another opportunity to exploit. When the Zhelatin botnet gets to break in a site, it's more likely that the attack has been commissioned by one of their customers. In the same way that a customer can order a stock spam run, they can request a DDoS attack (although it has been claimed that DDoS attacks cost more than regular spam runs, because there is a greater risk that ISPs or law enforcement will react aggressively to shut down the machines involved).
Read full article here.

Monday, September 10, 2007
Peter Gutmann of the Department of Computer Science, University of Auckland presents how "malware has come a long way since it consisted mostly of small-scale (if prolific) nuisances perpetrated by script kiddies. Today, it's increasingly being created by professional programmers and managed by international criminal organisations. The Commercial Malware Industry looks at the methods and technology employed by the professional malware industry, which is turning out "product" that matches (and in some cases even exceeds) the sophistication of standard commercial software, but with far more sinister applications."
The presentation discusses extensively how the malware industry has evolved from The Numbers Racket to organized crime and further into the Spam, Carding, Phishing and Botnet businesses, among others. The presentation also provides case studies and examples, statistics, and the technical mechanisms of these growing internet crimes offered as services.
Read more on Peter Gutmann's work here.
Researchers say the growing botnet has enough distributed power to launch a damaging attack against major businesses or even countries. The Storm worm botnet has grown so massive and far-reaching that it easily overpowers the world's top supercomputers. That's the latest word from security researchers who are tracking the burgeoning network of machines that have been compromised by the virulent Storm worm, which has pounded the Internet non-stop for the past three months. Despite the wide ranging estimates as to the size of the botnet, researchers tend to agree that it's one of the largest zombie grids they've ever seen. According to Matt Sergeant, chief anti-spam technologist with MessageLabs, "in terms of power, [the botnet] utterly blows the supercomputers away. If you add up all 500 of the top supercomputers, it blows them all away with just 2 million of its machines. It's very frightening that criminals have access to that much computing power, but there's not much we can do about it." Sergeant adds that researchers at MessageLabs see about 2 million different computers in the botnet sending out spam on any given day, and he estimates the botnet generally is operating at about 10% of capacity. Adam Swidler, a senior manager with security company Postini, told InformationWeek that while he thinks the botnet is in the 1 million to 2 million range, he still thinks it can easily overpower a major supercomputer.
Cyber criminals who control the botnet have a tremendous amount of destructive power. Early this summer, the Baltic nation of Estonia was pounded in a cyberwar that saw distributed denial-of-service attacks primarily targeting the Estonian government, banking, media, and police sites.
Last month, Ren-Isac, a collaboration of higher-education security researchers, sent out a warning that the Storm worm authors had another trick up their sleeves. The botnet actually is attacking computers that are trying to weed it out. It's set up to launch a distributed denial-of-service attack against any computer that is scanning a network for vulnerabilities or malware. The warning noted that researchers have seen "numerous" Storm-related DoS attacks recently. MessageLabs' Sergeant said the botnet also has been launching DoS attacks against anti-spam organizations and even individual researchers who have been investigating it. "If a researcher is repeatedly trying to pull down the malware to examine it the botnet knows you're a researcher and launches an attack against you," he said.
Lawrence Baldwin, chief forensic officer of MyNetWatchman.com, said he doesn't have a handle on how big the overall botnet has become but he's calculated that 5,000 to 6,000 computers are being used just to host the malicious Web sites that the Storm worm spam e-mails are linking users to. And he added that while the now-well-known e-cards and fake news spam is being used to build up the already massive botnet, the authors are using pump-and-dump scams to make money. Swidler said that since mid-July, Postini researchers have recorded 1.2 billion e-mails that have been spit out by the botnet. A record was set on Aug. 22 when 57 million virus-infected messages -- 99% of them from the Storm worm -- were tracked crossing the Internet. According to researchers at SecureWorks, the botnet sent out 6,927 e-mails in June to the company's 1,800 customers. In July, that number ballooned to 20,193,134. Since Aug. 8, they've counted 10,218,196.
Read full article at InformationWeek.

Wednesday, September 05, 2007
Security firm Sunbelt recently discovered that the Bank of India's hacked website was serving dangerous malware, and the infamous Russian Business Network, an ISP linked to child pornography and phishing, is behind the attack. The service provider in question has developed a notorious reputation. According to VeriSign threat intelligence analyst Kimberly Zenz, the Russian Business Network (RBN) is different to other service providers because "unlike many ISPs that host predominately legitimate items, RBN is entirely illegal. A scan of RBN and affiliated ISPs' net space conducted by VeriSign iDefense analysts failed to locate any legitimate activity. Instead, [our] research identified phishing, malicious code, botnet command-and-control, denial-of-service attacks and child pornography on every single server owned and operated by RBN."
Patrik Runald, senior security specialist at F-Secure, said: "No one knows who the RBN is. They are a secret group based out of St Petersburg that appears to have political connections. The company doesn't legitimately exist. It's not registered and provides hosting for everything that's bad. Their network infrastructure is behind a lot of the bad stuff we're seeing and it has connections to the MPack Group [a well-known group of cybercriminals which used MPack software to steal confidential data]." Runald said that, in the case of the Bank of India's hacked website, RBN used an Iframe to launch another window which then pushed victims to a webpage containing malicious code. The Trojans used in this case were designed to steal passwords from PCs and upload Trojan proxies in aid of developing a botnet.
Read the full article on ZDNet.co.uk.

Monday, August 20, 2007

Friday, August 17, 2007
Researchers are warning universities that they're at risk of being hit with massive distributed denial-of-service attacks when they scan their own networks. According to Doug Pearson, technical director of Ren-Isac, the Storm botnet, a massive botnet that the hackers have been amassing over the last several months, has developed a counter-attack to computers that are trying to weed it out. The botnet is set up to launch a distributed denial-of-service (DDoS) attack against any computer that is scanning a network for vulnerabilities or malware.
Ren-Isac, which is supported largely through Indiana University, recently issued a warning to about 200 member educational institutions and then put out a much broader alert, warning colleges and universities that their networks could come under heavy attack. According to the alert, this new Storm botnet tactic presents more danger to schools than to corporate enterprises simply because of the placement of the scanners. Pearson explains that universities and colleges often have their scanners on a public network, making them visible to the Internet at large. If the scanners were protected on a private network, the way it's done with most enterprises, the botnet would not be able to find them, so there wouldn't be an IP route over which to send the DDoS packets.
Don Jackson of SecureWorks said in an interview that slowly but surely IT managers and consumers are getting better at blocking or at least ignoring the e-mail attacks, so the Storm worm authors are setting up a secondary attack venue.
Read the full article at InformationWeek.

Wednesday, August 15, 2007
In an article by InformationWeek, researchers are blaming the virulent Storm worm for a widespread denial-of-service attack that hit Canadian Web sites over the weekend, saying the attack could have been a test of the might of a botnet more than 1.7 million zombies strong.
Johannes Ullrich of the SANS Institute and the Internet Storm Center, said in an interview that "the DoS part was basically an unintentional side effect. It was a whole lot of spam -- enough to make the servers slow down. Once [that much spam] is set loose, it's hard to tell what's going to happen."
The Storm worm has been bombarding the Internet with massive amounts of spam e-mail in the form of phony electronic greeting cards for the past several months. These e-mails lure unsuspecting users to malicious Web sites where their machines are infected with malware that turns them into bots, adding them to the massive botnet that the Storm worm authors have been putting together. However, the latest attack used e-mails with a limited amount of text instead of the e-card ruse, which confirms the attack was a test run, according to Ullrich.
According to researchers at SecureWorks, the Storm authors were reported to have a botnet about 2,815 strong in the first half of this year. That number had skyrocketed to 1.7 million by the end of July. Researchers at both SecureWorks and Postini said they think the Storm worm authors are cultivating such an enormous botnet to do more than send out increasing amounts of spam. All of the bots are set up to launch DoS attacks and that's exactly what they're anticipating.
Read the full article here.

Thursday, August 09, 2007
On 30 July 2007 in Berlin and 27 June 2007 in Tokyo, the Federal Ministry of Economics and Technology of Germany, the Ministry of Internal Affairs and Communications of Japan and the Ministry of Economy, Trade and Industry of Japan signed a Joint Statement expressing the following:
"Information and Communications Technologies (ICT), including the Internet, are key enablers in the development of the economies in both Germany and Japan. Spam poses a potential threat to this economic development. It must be made clear that spam has no legitimate role in the German or Japanese e-economy.
The Federal Ministry of Economics and Technology of Germany, the Ministry of Internal Affairs and Communications of Japan and the Ministry of Economy, Trade and Industry of Japan see mutual benefit in strengthening friendship and cooperation between their two countries through cooperation concerning anti-spam policies and strategies. The aim is to support international cooperation in and among a variety of organizations such as the Organization for Economic Cooperation and Development, the International Telecommunication Union, the United Nations Conference on Trade and Development, the Internet Engineering Task Force, the International Consumer Protection and Enforcement Network, and the Asia-Europe Meeting.
Under this Joint Statement, cooperation in matters of mutual interest will be able to take place through the exchange of ideas, information, personnel, skills and experience and collaborative activities that will be of benefit to both sides. Because spam has implications for many groups of stakeholders, every effort will be made to ensure that all interested parties, both public and private, are consulted as appropriate. Particular areas of cooperation will include:
a) Exchanging information about anti-spam activities such as anti-spam policies and strategies, as well as technical and educational solutions to spam;
b) Encouraging the adoption of effective anti-spam technologies and network management practices by German and Japanese Internet Service Providers and major business network managers, and further cooperation between government and private sectors;
c) Supporting German and Japanese marketers or bulk email senders in adopting spam-free marketing techniques;
d) Identifying and promoting user practices and behaviours which can effectively control and limit spam and supporting the development of multi-stakeholder public information and awareness campaigns to foster increased adoption of anti-spam practices and behaviours by end users in Germany and Japan;
e) Cooperating to strengthen anti-spam initiatives being considered in international fora."
To access the Joint Statement in different languages, click here.

Friday, August 03, 2007
SRI and Georgia Tech have been working on a new tool, BotHunter, that aims to quickly locate bot traffic inside a network. "BotHunter introduces a new kind of passive network perimeter monitoring scheme, designed to recognize the intrusion and coordination dialog that occurs during a successful malware infection. It employs a novel dialog-based correlation engine, which recognizes the communication patterns of malware-infected computers within the network perimeter. A government/military version of this software has been in use successfully for about a month, and a public version has recently been released. A highly interactive honeynet using BotHunter is also run by SRI. Dozens of new infections are detected each day, and the site proves to be very helpful in understanding the behavior of the received malware. It generates a list of potentially evil IP addresses and DNS queries as well."
For more information on this new software, visit the BotHunter site.

Tuesday, July 31, 2007
To aid in choosing a good DNSBL, Swa Frantzen of the SANS Internet Storm Center proposes several tips and tricks for gauging which blacklists are effective. Also presented are several criteria that blacklist administrators must consider. Among the criteria suggested are:
- Speed of reaction
- Selection criteria
- Goal of the blacklist
- Ease of getting unlisted
- Working Email contact to get unlisted
- Out of band contact details
- Blocking for the right reasons
- Duration of a block
- Automatic delisting
- Granularity of the block
- Security of the blacklist provider
- Extortion
- Warning to those getting listed
To read the full article, click here.

Wednesday, July 25, 2007
Sophos recently released its global statistics naming the top 12 spam-relaying countries for the period from April to June 2007. The US and China top the list, while Europe is home to six of the top 12 countries, which, when combined, account for even more spam-relaying than the U.S. The statistics also reveal that the overall global volume of spam rose by 9% during the second quarter, when compared to the same period in 2006.
"'While the US remains top spam dog, the latest chart emphasises the urgent need for joined-up global action to combat this growing problem,' said Carole Theriault, senior security consultant at Sophos. 'For every spam campaign, the spammers, the compromised computers used, and the people being deluged by the unsolicited mail are often located in totally different parts of the world. A consolidated effort is needed not only to pursue and prosecute spammers, but also to convince computer users everywhere of the importance of blocking rather than responding to spam messages. Everyone has a part to play if we are to win the global battle against spam.'"
Statistics on spam relayed by continent, however, show Asia as the top spam-relaying continent, with a number of Asian nations relaying smaller amounts of spam. Europe, which topped the chart in the first quarter of 2007, has reduced its percentage by 6.6 percent and fallen to second place. Asia, North America, South America and Africa have all seen rises in spam-relaying activity.
Read the full article here.

Tuesday, July 24, 2007
A growing, sophisticated technique for propagating cyber-crime, dubbed fast-flux service networks, has been steadily raising the threats we face today on the Internet. "Fast-flux service networks are a network of compromised computer systems with public DNS records that are constantly changing, in some cases every few minutes. These constantly changing architectures make it much more difficult to track down criminal activities and shut down their operations." Although researchers and ISPs have been aware of fast-flux for over a year now, all of the current research on fast-flux is new.
According to the Honeynet Project & Research Alliance, criminal organizations behind two infamous malware families, Warezov/Stration and Storm, have recently adopted these so-called fast-flux service networks into their infrastructures. "The purpose of this technique is to render the IP-based block list, a popular tool for identifying malicious systems, useless for preventing attacks," says Adam O'Donnell, director of emerging technologies at security vendor Cloudmark.
To fight against fast-flux, "ISPs and users should probe suspicious nodes and use intrusion detection systems; block TCP port 80 and UDP port 53; block access to mother ship and other controller machines when detected; 'blackhole' DNS and BGP route-injection; and monitor DNS."
Access the full article at the Dark Reading website.
Read more about fast-flux service networks in the Honeynet Project & Research Alliance's new report on the emerging networks and techniques.
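The "monitor DNS" measure above can be turned into a simple heuristic over passive-DNS data: fast-flux names combine short TTLs with answer sets that keep changing and are spread across many unrelated networks. The Python sketch below is an added example, not code from the Honeynet Project report or the articles cited; the thresholds, the use of /16 prefixes as a stand-in for network diversity (IPv4 only), and the sample observations are assumptions constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_network

# Constructed passive-DNS observations: (unix_time, domain, ttl_seconds, A answers).
# Names use the reserved .example TLD; addresses are documentation/private ranges.
OBSERVATIONS = [
    (0,   "cards.example", 180, ["192.0.2.10", "198.51.100.7", "203.0.113.5"]),
    (300, "cards.example", 180, ["10.8.1.4", "172.16.9.2", "192.0.2.77"]),
    (600, "cards.example", 180, ["198.51.100.200", "10.44.3.9", "203.0.113.90"]),
    (900, "cards.example", 180, ["172.20.5.5", "192.0.2.10", "10.8.1.4"]),
    # Stable site: one address, long TTL.
    (0,   "www.stable.example", 3600, ["192.0.2.50"]),
    (900, "www.stable.example", 3600, ["192.0.2.50"]),
    # Load-balanced site: short TTL and rotating answers, but a single network.
    (0,   "cdn.example", 60, ["192.0.2.1", "192.0.2.2"]),
    (300, "cdn.example", 60, ["192.0.2.2", "192.0.2.3"]),
    (600, "cdn.example", 60, ["192.0.2.1", "192.0.2.3"]),
]


@dataclass
class FluxStats:
    domain: str
    distinct_ips: int    # unique A-record addresses seen for the name
    distinct_nets: int   # unique /16 networks those addresses fall in
    min_ttl: int         # lowest TTL observed
    answer_changes: int  # times the answer set differed from the previous lookup


def summarize(observations):
    """Aggregate per-domain statistics from passive-DNS observations."""
    by_domain = defaultdict(list)
    for ts, domain, ttl, answers in observations:
        by_domain[domain.lower().rstrip(".")].append((ts, ttl, frozenset(answers)))

    stats = {}
    for domain, rows in by_domain.items():
        rows.sort(key=lambda r: r[0])  # compare lookups in time order
        ips = set().union(*(answers for _, _, answers in rows))
        nets = {ip_network(f"{ip}/16", strict=False) for ip in ips}
        changes = sum(1 for prev, cur in zip(rows, rows[1:]) if prev[2] != cur[2])
        stats[domain] = FluxStats(domain, len(ips), len(nets),
                                  min(ttl for _, ttl, _ in rows), changes)
    return stats


def is_fast_flux_candidate(s, max_ttl=300, min_ips=5, min_nets=3, min_changes=2):
    """All four signals must agree; thresholds are illustrative assumptions."""
    return (s.min_ttl <= max_ttl
            and s.distinct_ips >= min_ips
            and s.distinct_nets >= min_nets
            and s.answer_changes >= min_changes)


def flag_candidates(observations, **thresholds):
    """Return the sorted names that look like fast-flux service networks."""
    return sorted(domain for domain, s in summarize(observations).items()
                  if is_fast_flux_candidate(s, **thresholds))


if __name__ == "__main__":
    for name in flag_candidates(OBSERVATIONS):
        print("fast-flux candidate:", name)
```

The `cdn.example` rows show why TTL alone is not enough: legitimate load balancing also rotates short-lived answers, so the network-diversity test is what separates it from the flagged name. A flagged name is a candidate for analyst review, not a verdict.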

Friday, July 20, 2007

Thursday, July 19, 2007
The Internet Society of New Zealand (InternetNZ) released the ISP Spam Code of Practice in May 2007 for public consultation, and it had been open to comments until 18 June 2007. The Code was developed by the InternetNZ / Telecommunication Carriers' Forum (TCF) / The Marketing Association (MA) Working Party which has representation from a cross section of service providers and other interested parties.
The ISP Spam Code of Practice was created in keeping with the requirements of the Unsolicited Electronic Messages Act 2007 of the New Zealand government. It had also been developed with regard to the MA’s Code of Practice for Direct Marketing and the TCF’s SMS Anti-Spam Code, which both deal with Spam related issues, as well as to the TCF’s Customer Complaints Code.
Both consumers and service providers are expected to benefit from the adoption of this Code. The Code aims to establish practices that will lead to the minimization of Spam in New Zealand. It also aims to provide information to end users about both preventative and curative steps against Spam. Anticipated benefits to the service providers include the generation of higher levels of customer satisfaction and improved operational efficiency due to the reduced volumes of spam.
Public submissions on the Code can be found here.
Visit the Internet Society of New Zealand website for further details.

Thursday, June 21, 2007

Thursday, June 07, 2007

Wednesday, May 30, 2007
An electronic version of the 2007 Cybersecurity Guide for Developing Countries is available in English. Non-finalized versions are also available in Arabic, Chinese, French, Russian and Spanish. NB: A printed copy of this publication is available on request.
The 2006 version of the guide is available in English and French.

Monday, May 21, 2007
The ITU will be hosting a workshop on 17th September 2007 entitled ITU Workshop on Frameworks for National Action: Cybersecurity and Critical Information Infrastructure Protection:
At the start of the 21st century, modern societies have a growing dependency on information and communication technologies (ICTs) which are globally interconnected. However, with these growing dependencies, new threats to network and information security have emerged. There is a growing misuse of electronic networks for criminal purposes or for objectives that can adversely affect the integrity of critical infrastructures within States. To address these threats and to protect these infrastructures, a coordinated national framework is required - combined with regional and international cooperation. This workshop will review several related ITU initiatives and present two case studies by expert speakers from the United States of America and the European Union on their respective approaches. Attendance at the workshop is open to all interested participants within available space. Further information is available from cybmail@itu.int.

Friday, May 04, 2007
A United States House of Representatives subcommittee approved a bill on spyware this week, which recommends up to five years in prison for convicted distributors of malicious spyware.
Past versions of the Internet Spyware Prevention Act have failed to pass a vote in the United States Senate. Observers have pointed out, however, that the increasing militancy among users fed up with unwanted software intrusion may make this latest attempt more successful. And there is a lot at stake. Creating trust in the internet will ensure its future development. More on this story is available here.
The ITU is taking a leading role in cybersecurity initiatives, particularly in light of calls for global action made at the World Summit on the Information Society. More information on ITU's work in this area is available here.

Thursday, March 01, 2007
Kaspersky Lab, a developer of secure content management solutions, recently announced its annual report on malware and spam evolution. The report, authored by Kaspersky Lab analysts, surveys the trends of 2006 and looks at what 2007 may bring.
Malware Evolution: 2006. The report provides an overview of the most important incidents in the malware world, highlights the main trends, and examines how the situation will evolve. Particular stress is laid on the continuing increase in the number of Trojan programs, particularly those designed to steal online gaming account data; the first viruses and worms for MacOS; and Trojans for J2ME, which are designed to steal funds from mobile user accounts. The number of new malicious programs was up 41% on 2005. As for the future evolution of malicious programs, Kaspersky Lab virus analysts believe that virus writers and spammers will work ever more closely together; the number of Trojans will continue to increase; and that virus writers will be on the lookout for exploitable vulnerabilities in Vista.
Spam Evolution: 2006. Data provided by the Kaspersky Spam Lab shows that in 2006, between 70% and 80% of mail traffic on the Russian Internet was spam. The majority of spam sent to Russian users originates in Russia, the U.S.A. and China. Spammers actively used graphics in order to evade spam filters. They also continued to send spam masquerading as personal correspondence in order to get the recipient to read the whole message and then act as the spammers intended, whether by calling a designated number or clicking on a link. The report on spam evolution also highlights how mass mailings differ from each other according to language: most Russian language spam offers education and training, and a wide range of goods ranging from busts of the Russian president to a device which will 'translate' a dog's bark. English language spam, on the other hand, tends to focus on advertising for stocks and shares, Viagra and cheap software. The report also notes that spam became increasingly criminalized in 2006, with spammers actively using SMS to spread spam.
The company's analysts believe that technologies currently in use will continue to evolve in 2007, together with further development of graphical spam, and increased criminalization of mass mailings.
Read the executive summaries here: Malware Evolution: 2006 and Spam Evolution: 2006.
The full annual report can be found here.
This news item was accessed through Russia Newswire.

Thursday, February 15, 2007
This summary provides a general discussion of the amended Information Network and Privacy Protection Act (“INPPA”) of Korea. INPPA sets out the minimum procedural requirements for lawful online transmissions in Korea whereby transmissions of advertised materials against recipients’ refusal to accept are strictly prohibited. Although these rules are applicable to unsolicited commercial e-mails via the internet, they were intended to apply to all modes of telecommunication such as cellular phones, facsimiles, etc.
The Korean government has made continuing efforts since 1999 to curb the increase in spam mail and has since been monitoring the effectiveness of the implementation of additional provisions. The new law targets senders of spam mail that are commercial in nature. Consistent with its effort to protect minors from being exposed to obscene and violent materials online, the Korean government has also included a provision in the INPPA that requires senders to label those materials as such.
More information can be found here.

Tuesday, February 06, 2007
Almost 40 countries will participate in the fourth edition of Safer Internet Day (SID) which this year takes place on 6 February.
The event is organised by European Schoolnet, coordinator of Insafe, the European safer internet network. Viviane Reding, EU Commissioner for the Information Society and Media is once again patron of Safer Internet Day, as in the past two years.
The highlight of the day will once again be a worldwide blogathon, which will reach Australia on 6th February and progress westward through the day to finish up in the USA and Canada. Following the huge success encountered in 2006, this year’s blogathon goes one step further to include the voices of hundreds of youngsters.
In the framework of a competition launched in October 2006, more than 200 schools in 25 countries across the globe have been working in pairs, using technology to cross geographical borders, to create internet safety awareness material on one of three themes: e-privacy, netiquette, and power of image. On Safer Internet Day, all of the projects they have produced will be uploaded to the blogathon. The 4 prize-winning teams in the competition will be announced on 6 February when the blogathon opens to well over 100 organisations waiting on the starting block to add their postings on this year’s theme, Crossing borders.
To find out more about young people’s use of the internet and mobile phones, Insafe has been collecting data over the past two months through an online survey. Preliminary results will be made available on Safer Internet Day along with a wealth of other information tailored to the needs of not only media but also parents, teachers and youngsters in an online media room specially set up at www.saferinternet.org to mark the event.
On Safer Internet Day in the Netherlands, HRH Princess Maxima will be the special guest at an event featuring theatre, music and stories. In Slovenia, young people will showcase art projects and Slovenian national television will broadcast internet safety clips.
Across the globe, hundreds of other events will highlight the growing importance of internet safety in the lives of us all.
For further information see the following links:
Insafe
National nodes of Insafe
Safer Internet Day Blogathon
Safer Internet Programme
eTwinning (partner in the Safer Internet Day competition for schools)

In today's interconnected world of networks, threats can now originate anywhere − our collective cybersecurity depends on the security practices of every connected country, business, and citizen. The International Telecommunication Union (ITU), a specialized agency within the United Nations system, would like to draw Safer Internet Day participants' interest to a number of information resources dedicated to cybersecurity and spam.
The ITU Cybersecurity Gateway is an easy-to-use online information resource on national and international cybersecurity related initiatives worldwide. A vast number of resources and links are available and organizations are invited to join in partnership with the ITU and other stakeholders to build confidence and security in the use of information and communication technologies (ICTs).
The StopSpamAlliance is a joint initiative to gather information and resources on combating spam. This initiative was undertaken by Asia-Pacific Economic Cooperation (APEC), the EU's Contact Network of Spam Authorities (CNSA), International Telecommunication Union (ITU), the London Action Plan, Organisation for Economic Co-operation and Development (OECD) and the Seoul-Melbourne Anti-Spam group. The StopSpamAlliance.org website contains an overview of each of these organizations’ activities in countering spam and related threats.
The outcome documents from the two phases of the World Summit on the Information Society (WSIS) emphasize that building confidence and security in the use of information and communication technologies (ICTs) is a necessary pillar for building a global information society. ITU has been asked to play the main facilitator role to assist stakeholders in building confidence and security in the use of ICTs. To stress the importance of the multi-stakeholder implementation of this task, ITU has named this the Partnerships for Global Cybersecurity (PGC) initiative.
In commenting on the Safer Internet initiative, newly elected ITU Secretary-General Hamadoun Toure stressed the need for greater cooperation between regulators, government, security firms, communication service providers, and end users in dealing with the challenges to building a safe and secure information society.
The International Telecommunication Union wishes you all a very successful Safer Internet Day 2007!
Enquiries related to ITU activities in the area of cybersecurity can be directed to cybersecurity@itu.int.
About ITU
The International Telecommunication Union (ITU) is an international organization (specialized agency) within the United Nations System where governments and the private sector coordinate global telecommunication networks and services. Through its standards, development, and policy research activities, ITU has a long-standing track record in security for information and communication systems. There are currently more than seventy ITU recommendations focusing on security.

Friday, February 02, 2007
Two resolutions relating to cybersecurity and defining ITU's activity in that domain were adopted by ITU Member States at its Plenipotentiary Conference in Antalya, Turkey, held in November 2006. These are:

Wednesday, January 31, 2007
14-15 May 2007 The ITU has a new Secretary-General, Dr. Hamadoun Toure, who has indicated in his first public statements and to senior ITU staff that he considers cybersecurity and particularly follow-up to WSIS Action Line C5 to be a key strategic area of focus for future ITU activities.
The next annual facilitation/consultation meeting for WSIS Action Line C5 will be held 14-15 May 2007 at ITU in Geneva in conjunction with a cluster of events to be organized around 17 May (World Telecommunication and Information Society Day). The meeting is open to all participants with an interest in C5 activities. More details concerning the draft agenda and administrative arrangements for the event will be circulated shortly along with a list of other WSIS-related meetings to be held 14-25 May 2005 in Geneva.
Further information will be posted at the WSIS C5: Partnerships for Global Cybersecurity website. Enquiries can be directed to cybersecurity@itu.int.
IDG Sweden has published an interview between a journalist from Computer Sweden Magazine and a person claiming he is the creator of the Haxdoor Trojan, a program used for bank phishing and responsible for the recent phish of an Australian bank as well as the recent phish of Nordea bank. The interview was done over ICQ. With the assistance of someone from Symantec, the interviewer reached the interviewee, who uses the screen name Corpse, by pretending to be interested in buying a handcrafted version of the program for the phish of a particular bank.
In the interview, Corpse indicates that he is clearly aware that his program is used for bank fraud and offers to sell Haxdoor, including support by him, to the journalist for $3000. In their discussion about attacks that have been perpetrated by Haxdoor, Corpse states that security staff at banks try to hide 99% of the actual attacks in an attempt to prevent their customers from being frightened. However, Corpse will not discuss previous customers or the person(s) who may have been behind some of the attacks by Haxdoor that have become public. When the journalist expresses concern about being caught, Corpse offers to make the attack untraceable by providing the journalist with servers in China, the United States, or Europe for $150 per month. Corpse also makes the claim that versions of Haxdoor exist with the ability to hide in the operating system, and therefore, cannot be detected by anti-virus programs. He goes on to talk about the features of Haxdoor, which include a graphical interface allowing attacks to be tailored, rootkit and self-defense functions, support for all versions of Windows from 98 to Vista, and delivery as a rar or zip archive.
For a full version of the interview (in Swedish), please click here.

Tuesday, January 30, 2007
Last week, the Anti-Spyware Coalition released its guides on best practices and conflict resolution. The best practices guide is based on a set of software definitions and the risk-model description created by the Coalition. It is intended to provide insight into the way security firms identify applications, flag behavior, and then distinguish between "unwanted" software and software that provides "real value to users." Included is the "clearest description" that the Coalition has issued of the methodology used by anti-spyware companies in determining what software is "unwanted." The conflict resolution guide addresses the topics of competing anti-spyware software on a system and helping consumers understand the problems that may result in their security applications.
For links to the Anti-Spyware Coalition guides and supporting documentation, please click here.

Monday, January 29, 2007
The European Parliament held an STOA Workshop on "RFID in the everyday life of Europeans: A citizen's perspective on ambient intelligence" on 24 January 2007. The workshop was organized as part of the project "RFID and identity management: Case Studies from the frontline of the development towards ambient intelligence" commissioned by the Scientific Technology Options Assessment (STOA) Panel of the European Parliament, and carried out by the European Technology Assessment Group.
ITU's Lara Srivastava delivered a presentation on the topic "Is our environment getting smarter? Are we". Her presentation is available here.

Wednesday, January 24, 2007
The North American Consumer Project on Electronic Commerce (NACPEC) has created a section on its website that provides visitors with relevant and up to date information on spam and phishing.
Although there is no international consensus on the definition of spam, spam has evolved from a minor nuisance to a problem, which is often criminal and fraudulent, for users and computer networks. In addition to the fact that most spam advertises goods or services that are of questionable quality or that contain deceptive or misleading offers, spam is a channel for the propagation of viruses and spyware as well as a way to perpetrate other criminal activities through phishing and pharming techniques. It is a threat to the use and functioning of corporate, public, and academic networks; assists cybercrime; threatens consumer confidence; and undermines the use of email.
Since 2000, the amount of spam circulated has more than doubled, reaching somewhere between 58% and 85% of all email. Spam causes significant economic costs and losses in productivity for service providers, businesses, civil society, academic institutions, and especially consumers. During the World Summit on the Information Society (WSIS) thematic meeting on spam in July 2004, the Chairman reported that spam costs the global economy approximately US$ 10 billion per year, and the European Commission has estimated that spam costs users EUR 10 billion per year. Spam is no longer only a problem for computer networks; it is also becoming an issue in mobile phones, instant messaging services, weblogs, and wireless networks. Currently, there is no one solution to the problem of spam. It is a complex, cross-border issue that requires the adoption of a multi-dimensional and multi-stakeholder approach as recommended by the Anti-Spam Toolkit for the OECD. To curb spam, a combination of solutions will be required.
More information can be found here.

Tuesday, January 23, 2007
In his article "Trench Warfare in the Age of the Laser-guided Missile," Neil Schwartzman gives a brief description of the history of spam and the anti-spam movement, provides a summary of the current state of spam, and makes a series of recommendations concerning what actions the anti-spam community should take.
History of Spam and the Anti-Spam Movement: According to Schwartzman, both spam and the anti-spam movement have steadily evolved since 1995. The anti-spam movement has seen the rise of government groups, NGOs, and industry coalitions as well as anti-virus and spyware technologists and companies working individually to stop spam. Spam, however, has stayed ahead of the anti-spam movement, becoming more and more sophisticated in its ability to avoid filters, collaborate with viruses, and reach users.
The Current State of Spam: Schwartzman sums up the current situation as a "blended criminal threat." He examines penny stocks, promoted using 'image-only' payloads. Stock spamming leaves paper trails and this led to some successful prosecutions at the end of 2006. He reaches the conclusion that although currently popular, stock spamming will decline as prosecutions increase. He also looks at phishing, which he feels is far more serious than stock spamming, because "personal information is the currency used by criminals on the net."
Consumer Confidence & Organized Crime: Although online commerce continues to grow, user confidence in e-commerce is decreasing as the number of threats from spam increases. Recent studies show that up to 90% of polled consumers are deeply skeptical about their ability to conduct business safely online. Schwartzman feels that as more users become victims or personally know victims of online fraud, they will cease their online purchasing and return to traditional retail outlet purchasing. One major concern is the possible failure of a major online financial service, which would certainly speed up users' return to traditional retail and cause massive damage to the reputations of all online service providers. There is also additional concern as there is now "full integration with the bad-guy technologists and sophisticated groups of computer-aware criminals." The large amount of money that can be made from spam has now attracted organized crime including the Russian mob, the Italian mafia, the Hell's Angels, and the Colombian drug cartels.
The Future: At the inbox level, anti-spam technologies are very effective at blocking spam; however, the resource cost is becoming an issue as "major receiving sites have said privately that their systems are all but overwhelmed by the new levels of spam." The latest spam/malware threat is known as SpamThru. Although not yet being used to its full capacity, it caused an 80% increase of spam on some sites in the last three months of 2006. It also has the capability of avoiding complete deletion by removal programs. Other technologies which are also popular right now are 'Queen bots', which are capable of changing profiles and controlling subservient zombie computers, and 'fast-flux dns', which is a DNS server hosted on an infected machine that resolves human-recognizable URLs to a multitude of similarly infected machines. If spam continues to increase, and there are several ways it can, the result could be the end of e-mail or the Internet itself or virtual attacks on the real world (several of which have already been realized).
What Should Be Done: According to Schwartzman, the anti-spam movement is losing. This can be mostly attributed to the fact that the movement is disjointed and disorganized. Companies often have various groups dealing with different aspects of spam and malware who never communicate or coordinate. This is also seen in the interaction of the various anti-spam groups organized within the industry. Schwartzman believes that active participation and cooperation by all stakeholders is necessary to successfully fight spam and he makes a series of suggestions as to how this can be achieved.
See the complete article here.

Monday, January 22, 2007
In their paper "Spam Works: Evidence from Stock Touts and Corresponding Market Activity," Laura Frieder and Jonathan Zittrain examine the impact of spam that advertises stock upon the trading activity of those stocks, how profitable such spamming might be for the spammer, and how harmful this behavior is to those who follow the advice in stock-touting e-mails. Using a large sample of touted stocks listed on the Pink Sheets quotation system, the authors offer evidence showing that the use of spam is affecting stock prices. In addition to an increase in transaction volume, spammers are achieving a 5% gain on the stock before they dump it. They also suggest that the effectiveness of this practice "calls into question the prevailing models of securities regulation that rely principally on the proper labeling of information and disclosure of conflicts of interest to protect consumers." In response to this, they propose several regulatory and industry interventions.
The paper can be found here.

Thursday, January 18, 2007

Monday, December 18, 2006

Wednesday, December 13, 2006

Monday, December 11, 2006

Monday, December 04, 2006
In conjunction with the Forum at ITU TELECOM WORLD 2006, 4-8 December in Hong Kong, China, ITU is organizing a one day event on 8 December entitled "Countering Spam Cooperation Agenda". Key international and regional organizations involved in the fight against spam will gather to discuss greater collaborative efforts to combat spam and related threats. The event is open to all ITU TELECOM WORLD 2006 participants.
See the full ITU Press Release for the event here.

Thursday, November 30, 2006
Splogs are blogs where the articles are fake and only created for spamming purposes. According to Technorati in its State of the Blogosphere, the number of blogs created these past months has diminished, largely because "splogs" are now easier to detect. Blog search engines detect and delete most of the "splogs", but according to Technorati, 4% of the "splogs" still manage to get through the filters in place.
Despite "splogs", the blogosphere continues to grow. At the end of October 2006, 57 million blogs existed, 3 million more than in June 2006, and 55% were considered active (updated at least once in the last 3 months).
To read the full l'Expansion magazine article in French, click here.
According to the European Commission, EU member states are not doing enough to tackle the problems of spam, spyware and malicious software, despite the existing EU legislation. The implementation by EU members of this legislation is still a problem and Europe continues to suffer from illegal online activities from inside the EU and from third countries.
The Commission is now calling on all regulatory authorities and stakeholders in Europe to step up the fight against spam, spyware and malicious software and urging governments and industry to cooperate fully in this fight by applying proper filtering policies and assuring good online commercial practices. The Commission has also called for prosecution of those involved in illegal online activities. Because of the criminal and fraudulent trend in spam, and its cross border aspects, good cooperation and dialogue between the EU and third countries is essential to succeed in this fight. According to Viviane Reding, the Commissioner for Information Society and Media "it is time to turn the repeated political concern about spam into concrete actions to fight spam."
For more information, see the newly released Commission Communication.
Read also the SiliconRepublic article.

Saturday, November 18, 2006
ITU-T Focus Group on Security Baseline for Network Operators has issued a survey which seeks to assess the security preparedness of network operators. The results from the survey will be used in preparation of a new ITU-T Recommendation: "Security Baseline for Network Operators". Participants are asked about their level of preparedness for various security threats.
Once approved the ITU-T Recommendation will show the readiness and ability of operators to collaborate and coordinate counteraction against security threats arising from interconnected networks. The Security Baseline will allow network operators to assess their network and information security posture in terms of what security standards are available, which of these standards should be used to meet particular requirements, when they should be used, and how they should be applied. It will also identify security Recommendations and standards to support evaluation of operators’ network security and information security.
Work on the first draft of the Recommendation will begin towards the end of 2006.
See the online survey which is aimed at network and service providers.
A deadline of 24 November 2006 has been set for survey responses.

Wednesday, November 15, 2006
Researchers and IT managers are confirming that spam levels have been particularly high in the past month and that there are no signs of a decrease. This phenomenon is the result of a new generation of viruses and zombies that infect computers very quickly and are increasingly difficult to get rid of. Image-based spam is also to blame. Spammers now know how to represent words in an image so that they are recognizable only by the human eye, tricking anti-spam technologies and further increasing the negative effects of spam.
Read the full PC World article here.

Friday, November 10, 2006
The Asia Pacific Economic Cooperation (APEC), the EU Contact Network for Spam enforcement Authorities (CNSA), the International Telecommunication Union (ITU), the London Action Plan for Spam Enforcement (LAP), the Organisation for Economic Cooperation and Development (OECD), and the Seoul-Melbourne Anti-Spam group, six leading international anti-spam initiatives/organizations, launched at the United Nations Internet Governance Forum (IGF) in Athens, Greece, a new online information resource to assist stakeholders in their fight against spam.
This new website (http://www.stopspamalliance.org/) aims to help coordinate international action against spam more effectively and improve information sharing in this area. It will contain information on anti-spam laws and enforcement activities, consumer and business education, best practices for fighting spam, and international cooperation.
For further information, please visit http://www.stopspamalliance.org/
Read also the OECD news release for the launch of the StopSpamAlliance website.

Friday, November 03, 2006
Computer World reports on a new kind of spam called "targeted spam" or "spear phishing". This type of spam, currently on the rise, is particularly hard for spam filters to catch because the spammer is able to "spoof" the sending e-mail address to make it look like it's coming from within the organization of the recipient. Unlike traditional spam, spammers send just a few of these messages at the same time, making antispam technology’s job even harder.
These attacks mainly affect large organizations or very well-known brands. Once the company has been alerted, blocking such an attack is pretty easy. But detecting such well-crafted messages is becoming harder as the sophistication level of spam increases.
For more information, read the full Computer World article.

Wednesday, November 01, 2006
According to a recent Forbes article, a new kind of spam is rapidly invading users’ e-mail boxes: image spam.
To the human eye, image spam looks like regular junk email, but for anti-spam software, image spam is very hard to detect. Usually anti-spam programs scan messages for certain key phrases but do not analyze pictures, so the same word saved as an image file goes undetected. Anti-spam technology is trying to adapt to this new phenomenon. However, for now, image spam is growing and is consuming much more bandwidth and storage space in consumers’ e-mail boxes.
To read the full Forbes article, please click here.
For more information, see Secure Computing’s Report on Image Spam.
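The gap described in this entry (and in the 15 November 2006 entry on image-based spam) can be shown in a few lines. This is an added Python example, not code from the Forbes article or from any anti-spam product: the phrase list, the 20-word threshold, the addresses and the sample messages are all constructed assumptions. It runs a phrase-matching filter and a structural check (an image part with almost no visible text) over the same three messages.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Constructed phrase list standing in for a keyword filter's rules.
KEYWORDS = ("strong buy", "penny stock", "act now")
# Assumed threshold: an image plus fewer visible words than this is suspicious.
MIN_WORDS = 20
# Constructed placeholder bytes (GIF header plus padding), not a real picture.
FAKE_GIF = b"GIF89a" + b"\x00" * 4096


def make_message(body, image=None):
    """Build a sample message and re-parse it from bytes, as a mail server would see it."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.org"
    msg["Subject"] = "Market update"
    msg.set_content(body)
    if image is not None:
        msg.add_attachment(image, maintype="image", subtype="gif",
                           disposition="inline", filename="chart.gif")
    return message_from_bytes(msg.as_bytes(), policy=policy.default)


def visible_text(msg):
    """Collect the text a phrase filter can read: text/plain and tag-stripped text/html."""
    chunks = []
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "text/plain":
            chunks.append(part.get_content())
        elif ctype == "text/html":
            chunks.append(re.sub(r"<[^>]+>", " ", part.get_content()))
    return " ".join(chunks)


def keyword_filter(msg):
    """Classic phrase matching: True when any listed phrase appears in the text parts."""
    text = visible_text(msg).lower()
    return any(phrase in text for phrase in KEYWORDS)


def image_stats(msg):
    """Return (number of image parts, total decoded image bytes)."""
    count = size = 0
    for part in msg.walk():
        if part.get_content_maintype() == "image":
            count += 1
            size += len(part.get_payload(decode=True) or b"")
    return count, size


def looks_like_image_spam(msg):
    """Structural heuristic: the message carries an image but almost no readable text."""
    count, _ = image_stats(msg)
    words = len(visible_text(msg).split())
    return count > 0 and words < MIN_WORDS


# Constructed samples. In IMAGE_SPAM the sales pitch would live in the picture's
# pixels, which neither function reads; only the message structure gives it away.
TEXT_SPAM = make_message(
    "STRONG BUY alert: this penny stock will triple by Friday. Act now.")
IMAGE_SPAM = make_message("see attached", FAKE_GIF)
NEWSLETTER = make_message(
    "Hello team, the quarterly report is attached as a chart. Revenue grew in "
    "all three regions and support tickets fell for the second month running. "
    "Details follow next week.", FAKE_GIF)

if __name__ == "__main__":
    for name, m in (("text spam", TEXT_SPAM), ("image spam", IMAGE_SPAM),
                    ("newsletter", NEWSLETTER)):
        print(f"{name:11} keyword={keyword_filter(m)!s:5} "
              f"image_heuristic={looks_like_image_spam(m)!s:5} "
              f"images={image_stats(m)}")
```

The structural check is only a heuristic: it says nothing about what the image shows, and a legitimate message that is mostly a picture would also trip it, so it works as one signal among several rather than a verdict.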
"In a sweeping set of measures, the German Federal Network Agency has ordered more than 80 network operators and service providers not to bill or collect for any phone numbers used illegally. A large number of consumers had complained to the German Federal Network Agency about so-called ping calls and other forms of telephone spamming."
"A ping call is where a call is made to a telephone number and broken off after just one ring. The subscriber’s display shows a “missed call” with an expensive premium-rate number or an 0137 number. In addition to these ping calls, another form of telephone spamming promises prizes where the person called hears a prerecorded message saying that they have won a large amount of money that can be collected by calling an expensive premium-rate number."
"The Federal Network Agency’s stringent measures are a continuation of the intense battle against telephone spam. Since May 2006 alone, the Federal Network Agency has disconnected 237 call numbers on account of ping calls and prize promises. In addition, a ban has been imposed on billing and collecting for 78 call numbers. These bans protect consumers that have called a spam number back, and prevent them from having to pay any charges. The spammer does not receive any payment for the calls initiated."
See the Federal Network Agency's press release here.

Wednesday, October 25, 2006
On 16 October 2006, Mauritius officially launched its Anti-Spam Awareness Campaign. On this occasion the Minister of IT and Telecommunications also presented a dedicated Anti-Spam Website with resources aimed at raising awareness and sharing information on spam, malware, etc.
In Mauritius, the spamming problem is gaining in magnitude and there is a need to have a concerted approach to address this issue. Without remedial action to address the problem of spam in Mauritius, the country runs the risk of being seen as a safe haven for spammers and there is the risk that legitimate email traffic from Mauritius to other countries which have anti-spam legislation, could be blocked. In this context, the National Computer Board has set up a National Anti Spam Committee to co-ordinate activities at the national level with regards to combating spam.
The Anti-Spam Co-ordination Committee consists of representatives from the following national organisations: National Computer Board; IT Security Unit, Ministry of IT and Telecommunications; Ministry of Education and Human Resources; Ministry of Industry, Commerce, Small and Medium Enterprises and Cooperatives; Ministry of Foreign Affairs, International Trade and Cooperation Joint Economic Council; Mauritius Chamber of Commerce and Industry (MCCI); State Law Office; ICT Authority; Mauritius IT Industry Association; Internet Society; University of Mauritius (UOM); University of Technology; Telecom Plus/Mauritius Telecom ACT.
For further information see the newly launched Anti-Spam Website and Mauritius' Anti-Spam Action Plan.

Monday, October 23, 2006
The Journal du Net states in a recent article that organized cybercrimes represent a growing risk for internet users. Hackers use new techniques to hide and make their attacks more efficient. Their main goal is not to destroy computers. With the rapid development of e-commerce, hackers want to take over personal data and make as much profit as they can with it.
To achieve this, they use different forms of worms or trojans sent from servers hosted in countries where the legislation is less strict. To protect their economic interests, businesses need to include employees in their security policies so they do not become the weak link in the security chain.
See Journal du Net for the full article in French.

Saturday, October 21, 2006

Friday, October 20, 2006
Business Week Online shows in a recent article entitled "Needed: A National Cyber Security Law" that more and more people have their personal information lost, stolen or compromised. Security breaches are eroding their trust in the capability of the Internet to deal with their private personal information. This growing confidence deficit represents a serious threat to the economic growth of each country, according to the article. Therefore, it is time for officials to act by passing strong data-security laws. These national laws must aim to both prevent further data breaches and address leaks once they occur.
"To accomplish these goals, lawmakers should establish reasonable security measures, create a consistent and recognizable notification standard, encourage best practices such as encryption, and include effective enforcement capabilities".
See Business Week Online for the full article.
Computer World released an article entitled “Ten security trends worth watching”, based on Bruce Schneier’s speech at last month’s Hack in the Box Security Conference in Kuala Lumpur, Malaysia.
Mr. Schneier identified 10 trends affecting information security today:
- Information is more valuable than ever.
- Networks are critical infrastructure. "If the Net goes down, or part of the Net goes down, it really affects the economy".
- Users do not necessarily control information about themselves. For example, Internet service providers have control over records of the Web sites that users visit and the email messages they send and receive.
- Hacking is increasingly a criminal profession. More and more, attacks are organized and led by criminals who are driven by a profit motive.
- Complexity is your enemy. "As systems get more complex they get less secure". Mr. Schneier mentioned that the Internet is "the most complex machine ever built".
- Attacks are faster than patches. New vulnerabilities and exploits are being discovered faster than vendors can patch them.
- Worms are more sophisticated than ever.
- The endpoint is the weakest link. "It doesn't matter how good your authentication schemes are if the remote computer isn't trustworthy".
- End users are seen as threats.
- Regulations will drive security audits.
See Computer World for the full article.

Thursday, October 19, 2006

Tuesday, October 17, 2006
Slashdot has an article that says "Researchers are finding it practically futile to keep up with evolving botnet attacks. 'We've known about [the threat from] botnets for a few years, but we're only now figuring out how they really work, and I'm afraid we might be two to three years behind in terms of response mechanisms,' said Marcus Sachs, a deputy director in the Computer Science Laboratory of SRI International, in Arlington, Va. There is a general feeling of hopelessness as botnet hunters discover that, after years of mitigating command and controls, the effort has largely gone to waste. 'We've managed to hold back the tide, but, for the most part, it's been useless,' said Gadi Evron, a security evangelist at Beyond Security, in Netanya, Israel, and a leader in the botnet-hunting community. 'When we disable a command-and-control server, the botnet is immediately re-created on another host. We're not hurting them anymore.' There is an interesting image gallery of a botnet in action as discovered by security researcher Sunbelt Software."

Tuesday, October 10, 2006
A recent BBC article shows how vulnerable XP Home really is. "Using a computer acting as a so-called 'honeypot' the BBC has been regularly logging how many potential net-borne attacks hit the average Windows PC every day. With a highly protected XP Pro machine running VMWare, the BBC hosted an unprotected XP Home system to simulate what an 'average' home PC faces when connected to the internet."
The majority of the incidents were merely nuisances. "Many were announcements for fake security products that use vulnerabilities in Windows Messenger to make their messages pop-up. Others were made to look like security warnings to trick people into downloading the bogus file." "However, at least once an hour, on average, the BBC honeypot was hit by an attack that could leave an unprotected machine unusable or turn it into a platform for attacking other PCs. Many of these attacks were by worms such as SQL.Slammer and MS.Blaster both of which first appeared in 2003. The bugs swamp net connections as they search for fresh victims and make host machines unstable. They have not been wiped out because they scan the net so thoroughly that they can always find another vulnerable machine to leap to and use as a host while they search for new places to visit."
Read the full BBC story.
This article was accessed through Slashdot.

Monday, October 09, 2006
A Wired News article draws attention to the insecurity of some of the new technologies online. “VOIP and Ajax -- are dangerously insecure, and likely to only get worse as they become more prevalent, according to security researchers presenting their findings at the ToorCon security conference.”
"Voice over internet protocol is going mainstream, available to consumers and increasingly replacing the private phone systems in businesses of all sizes. Like the traditional phone, a VOIP call is broken into two parts, or channels. The first is signaling, which negotiates things like when to start and stop a call, what to do if another call comes in, and what to do if something about the call changes. The second part is media, the bit where we talk. In most VOIP systems neither of these channels is actually encrypted."
"According to Dustin Trammell, VOIP security researcher at Tipping Point, this leaves most VOIP calls vulnerable. Calls can be hijacked without either party's knowledge anywhere along the route over the net that connects the call, and nearly all VOIP systems can fall victim to signal-channel attacks that can fake caller ID, degrade call quality, end calls suddenly, and crash the end device -- either your VOIP phone or computer. Internet telephony can even fall victim to denial-of-service attacks that flood a phone with fake requests to start a call, rendering it useless."
Read the full Wired News article on VOIP and AJAX security issues.

Tuesday, October 03, 2006
The United States National Cyber Security Alliance (NCSA), a consortium of government agencies and private industry sponsors, aims to educate the public about core security protections this October, during the national cyber security awareness month, with its campaign on 'Cyber Security: Make It A Habit'.
U.S. National Cyber Security Awareness Month is a national campaign designed to increase the public’s awareness of cyber security and crime issues, so that users can take precautions to avoid these threats on the Internet. The month will feature public relations activities, educational programs, events and initiatives throughout October that target Home Users, Small Businesses, Education audiences (K-12 and higher education), and Child Safety online.
See the U.S. National Cyber Security Awareness Month 2006 website for further information on this collective effort aimed at protecting the public from internet threats.
PhishTank is a collaborative clearing house for data and information about phishing on the Internet. PhishTank was launched by the people behind OpenDNS and will be used to dynamically block access to phishing sites. For more information, see their FAQ.

Thursday, September 28, 2006

Tuesday, September 19, 2006
In a press release, Gartner, Inc. advises businesses to plan for five increasingly prevalent cyberthreats that have the potential to inflict significant damage on organisations during the next two years. These threats are:
- Targeted threats (Targeted threats are cyber attacks with a financial motivation that are aimed at one company or one industry);
- Identity theft (Identity theft refers to the theft of an individual's personal or financial information for the purpose of stealing money or committing other types of crimes);
- Spyware (Spyware is malicious software that can probe systems, reporting user behaviour to an advertiser or other party without the user’s knowledge);
- Social engineering (Social engineering is the practice of obtaining confidential information by manipulating legitimate users);
- Viruses (Viruses are malicious programmes that use a propagation method to enable widespread distribution.)
According to Amrit Williams, research director at Gartner, "We are seeing an increasingly hostile environment fuelled by financially motivated and targeted cyber attacks. By 2008 we expect that 40 percent of organisations will be targeted by financially motivated cybercrime."
"Cyber attacks are not new, but what is changing is the motivation behind them. They are no longer just executed by hackers for hobby or cybervandalism, but by professionals with a targeted aim at one person, one company or one industry," said Williams.
"For example, we have recently seen several companies hiring private investigators to spy on their competitors. Private investigators used Trojans to install targeted spyware on competitors’ computers to gather confidential information about such things as upcoming bids and customers."
Gartner said that social engineering and viruses will remain an everyday nuisance for chief information security officers through 2009. It warned that in the next two years, at least 50 percent of organisations will experience a social engineering or a virus attack.
Access the full report and Gartner news release here.

Friday, September 15, 2006
Business Communications Review has an article entitled The Botnet Threat reviewing a recent report put out by Arbor Networks, which surveyed ISPs about their biggest security concerns.
"When they surveyed 55 ISPs, McPherson and Labovitz discovered that distributed denial of service attacks, and the related threat of botnets, remain the biggest security problem that ISPs face. Together, these two elements were named as the top threat by 77 percent of respondents. "Brute-force attacks remain the most predominant attack type on the Internet today," the authors write.
The largest sustained attack reported by the survey respondents was a whopping 17 Gbps; a UDP flood of 22 million packets per second (pps) and a SYN flood of 14 million pps have also been reported. "The magnitude of these attacks is incredible when you consider that a 14 Mpps SYN flood can nearly fill an entire OC-192 (10 Gbps) circuit with a minimum packet size," McPherson and Labovitz write. "Any one of these attacks, or even a fraction thereof, can create significant pain for even the largest ISP networks in the world today."
The report also cites what the authors call "a new and disturbing observation" made by one respondent: Not only are botnets highly organized and "uniformly gargantuan," but there's an increasing amount of marketing of these botnets. ("Blast your affiliate numbers overnight!" is a typical pitch they report seeing.)"

Thursday, September 07, 2006
A select committee has recommended a major change to New Zealand's anti-spam bill, suggesting anyone should be able to send unsolicited emails that are of an entirely non-commercial nature and need not desist even if asked to do so by the recipient. The original anti-spam bill said that organisations that sent unsolicited emails to promote their aims or ideals - such as school newsletters and messages from political lobbyists - would fall foul of the spam bill. This is if they did not stop sending messages when asked to do so, by letting recipients "opt-out". The select committee dropped this requirement in amendments it proposed early September 2006.
The proposed amendments also drop the legal requirement that spam be reported to a customer's internet service provider before Internal Affairs could take action. Other proposed amendments eliminate the distinction between emails whose prime purpose is commercial and ones that are primarily promotional but contain a commercial element, and lift a ban on possessing or supplying email harvesting software, while banning New Zealanders from using such software to send spam.
This news item was retrieved through the APCAUCE Newslog.
The full article is available at stuff.co.nz.

Tuesday, August 22, 2006
On the 5th of May 2006, France and Japan signed a joint statement within the framework of a coordinated international action to fight spam. In particular, both countries are considering exchanging information and good practices in the field of anti-spam policies and strategies.
The French Direction du Developpement des Medias (DDM) has more information on their website.
See other spam-related articles on the OECD Task Force on Spam website

Friday, August 18, 2006
The Vietnamese Ministry of Trade is drafting a circular governing advertising activities by electronic means, including emails, pop-ups and mobile phone messages.
"Local Internet users have been bombarded with spam mails but most of them are from overseas. Now such a circular is necessary as local spamming activities are on the rise.
The circular has basic requirements for users to fight spams such as opt-out options, genuine sender addresses, sender telephone numbers and obvious headings. But it seems that the draft circular is too lenient towards spammers when it provides them five working days before they have to stop their spams in case recipients choose to opt out. It also allows for the collection of personal data including email addresses and telephone numbers. Even though the circular requires collecting parties to ask for permission first and to keep those data confidential, this provision can be abused and can cause disputes later on.
This is all the more possible because the circular provides two scenarios: A complete ban of sales of email addresses and telephone numbers to advertisers; or allowing such an activity. Unsolicited short mobile messages are now possible because some carriers are selling subscribers’ numbers to various advertising companies. Users are especially frustrated when senders use some automatic message generation device so that they might receive an advertising message in the middle of the night.
The fines provided in the draft circular are from VND5 million to VND20 million, which many say are not heavy enough to prevent harmful violations of personal information."
[via APCAUCE and Viet Nam News]

Friday, August 11, 2006
"As cell phones and PDAs become more technologically advanced, attackers are finding new ways to target victims. By using text messaging or email, an attacker could lure you to a malicious site or convince you to install malicious code on your portable device."
The U.S. CERT (Computer Emergency Readiness Team) recently published a list of tips for users on how they can protect themselves against these increasing threats.
What unique risks do cell phones and PDAs present?
Most current cell phones have the ability to send and receive text messages. Some cell phones and PDAs also offer the ability to connect to the internet. Although these are features that you might find useful and convenient, attackers may try to take advantage of them. As a result, an attacker may be able to accomplish the following:
- Abuse your service;
- Lure you to a malicious web site;
- Use your cell phone or PDA in an attack;
- Gain access to account information.
What can you do to protect yourself?
- Follow general guidelines for protecting portable devices;
- Be careful about posting your cell phone number and email address;
- Do not follow links sent in email or text messages;
- Be wary of downloadable software;
- Evaluate your security settings.
Read the full article on the U.S. CERT website.

Thursday, August 03, 2006
The top three antivirus programs -- from Symantec, McAfee, and Trend Micro -- are less likely to detect new viruses and worms than less popular programs, because virus writers specifically test their work against those programs:
"On Wednesday, the general manager of Australia's Computer Emergency Response Team (AusCERT), Graham Ingram, described how the threat landscape has changed -- along with the skill of malware authors.
"We are getting code of a quality that is probably worthy of software engineers. Not application developers but software engineers," said Ingram.
However, the actual reason why the top selling antivirus applications don't work is because malware authors are specifically testing their Trojans and viruses to make sure they can bypass these applications before releasing them in the wild.
It's interesting to watch the landscape change, as malware becomes less the province of hackers and more the province of criminals. This is one move in a continuous arms race between attacker and defender."
[via Schneier on Security]
In separate reporting on the Black Hat USA conference, experts say that the spyware problem has "gotten so bad that it is unlikely it can ever be solved on a technical level. Instead, the solution will have to come from regulators and law enforcement agencies".
"It's not technically feasible to stop spyware. You will not be able to stop this technically." "This problem lives at the legal-technical boundary. We can't go around arresting people," said Dan Kaminsky, senior security researcher and founder of Seattle-based Doxpara Research, speaking on a spyware panel at the recent Black Hat USA 2006 event. "We need to create standards that clearly delineate legitimate code from illegitimate code where you throw people in jail."

Wednesday, July 26, 2006
"To protect Internet users from online fraudsters and defend the Internet against scammers commandeering network resources, the two most influential global trade associations combating Internet crime have jointly released an explicit new set of Best Practices to combat “phishing,” a major cause of online identity theft and fraud. The recommendations will help Internet Service Providers (ISPs) and mailbox providers better police their own infrastructures and filter traffic traversing their networks."
The Anti-Phishing Working Group (APWG) and the Messaging Anti-Abuse Group (MAAWG) jointly developed the recommendations outlined in "Anti-Phishing Best Practices for ISPs and Mailbox Providers." The paper provides technical and business practices to help ISPs and mailbox providers thwart phishing attacks and other malevolent network abuses and also includes practices to respond constructively when these attacks occur. “Phishing” employs deceptive technology such as spoofing and social engineering to steal consumers' personal identity and financial account data, and has become a major concern.
To download the full recommendations, click here.

Tuesday, July 18, 2006
The Secretary-General of the United Nations has announced the convening of the Internet Governance Forum, to be held in Athens on 30 October - 2 November 2006.
The Secretary-General's message is available in all UN languages: [English] [Français] [中文] [عربي] [Русский] [Español]. The message in English reads:
"The second phase of the World Summit on the Information Society (WSIS), held in Tunis on 13-15 November 2005, invited me to convene a new forum for multi-stakeholder policy dialogue -- called the Internet Governance Forum (IGF). The Summit asked me to convene the Forum by the second quarter of 2006 and to implement this mandate in an open and inclusive process.
The Government of Greece made the generous offer to host the first meeting of the IGF and proposed that it take place in Athens on 30 October - 2 November 2006.
I have asked my Special Adviser for Internet Governance, Mr. Nitin Desai, to assist me in the task of convening the IGF and I have also set up a small secretariat in Geneva to support this process. Two rounds of consultations open to all stakeholders held in Geneva on 16-17 February and 19 May have contributed towards a common understanding with regard to the format and content of the first IGF meeting. I have also appointed an Advisory Group with the task of assisting me in preparing the IGF meeting.
The Advisory Group held a meeting in Geneva on 22 and 23 May 2006 and made recommendations for the agenda and the programme, as well as the structure and format of the first meeting of the IGF in Athens.
As the IGF is about the Internet, it is appropriate to make use of electronic means of communication to convene its inaugural meeting. The document adopted by WSIS -- the Tunis Agenda for the Information Society -- calls on me "to extend invitations to all stakeholders and relevant parties to participate at the inaugural meeting of the IGF". Therefore, it is my pleasure to make use of the World Wide Web to invite all stakeholders -- governments, the private sector and civil society, including the academic and technical communities, to attend the first meeting of the IGF in Athens. The overall theme of the meeting will be "Internet Governance for Development". The agenda will be structured along the following broad themes.
- Openness - Freedom of expression, free flow of information, ideas and knowledge
- Security - Creating trust and confidence through collaboration
- Diversity - Promoting multilingualism and local content
- Access - Internet Connectivity: Policy and Cost
Capacity-building will be a cross-cutting priority.
The meeting will be open for all WSIS accredited entities. Other institutions and persons with proven expertise and experience in matters related to Internet governance may also apply to attend.
In its short life, the Internet has become an agent of dramatic, even revolutionary change and maybe one of today's greatest instruments of progress. It is a marvelous tool to promote and defend freedom and to give access to information and knowledge. WSIS saw the beginning of a dialogue between two different cultures: the non-governmental Internet community, with its traditions of informal, bottom-up decision-making; and the more formal, structured world of governments and intergovernmental organizations. It is my hope that the IGF will deepen this dialogue and contribute to a better understanding of how we can make full use of the potential the Internet has to offer for all people in the world.
(Signed) Kofi A. Annan"
[via the Internet Governance Forum]

Tuesday, July 11, 2006
In a new scam, called vishing, identity thieves use bogus phone numbers instead of Web sites, reports PC World in a recent article featuring phishing scams on VoIP phones.
"Related to phishing scams, the new scheme uses cheaply obtained VoIP numbers as bogus credit card or financial services telephone numbers", the article continues. "With Internet users being warned about clicking on hyperlinks in unsolicited e-mail, the new scam includes a phone number instead". "It's a natural elevation of the art to move it to the telephone. People are getting nervous about clicking on links", the article states.
The article gives examples of how these new scams take place: "In one vishing case, scammers targeted PayPal users by including a telephone number in a spam e-mail. In the other case, the criminals configured an automatic telephone dialer to dial phone numbers, and when the phone was answered, played an automated recording saying their credit card has had fraudulent activity. The recording asked the telephone customer to call a number with a spoofed caller ID related to the credit card issuer. Once users call, they are asked for personal account information."
VoIP numbers are easy to obtain anonymously, but an industry expert interviewed for the story did not fault VoIP providers for vishing scams. "A larger problem is the ease of obtaining credit online or over the telephone. Consumers are comfortable with obtaining credit online or by dialing automated telephone services to get credit, but if credit-granting businesses required physical contact, phishing and vishing scams would be almost eliminated. In today's environment, it's absurd," the industry expert stated.
Read the full article on the PC World news website.

Thursday, June 29, 2006

Tuesday, June 27, 2006
Anti-spam legislation for the Cayman Islands is being considered by the Information and Communications Technology Authority (ICTA).
The ICTA is now seeking input through a public consultation campaign. The goal is to ensure that any anti-spam legislation enacted in the Cayman Islands is an effective tool as part of a multi-pronged attack on spam.
More information can be found here.
The Department of Communications, Information Technology and the Arts has conducted a legislative review of the Spam Act.
The review is required by legislation to assess the operation of the Spam Act after two years of its operation. The Department prepared a report based on the submissions received. The Minister tabled the report in Parliament on 22 June 2006.
The Minister’s press release is available here.
More information can be found here.

Friday, June 23, 2006
Ministry of Information Industry (MII), Internet Society of China (ISC) and China Communications Standards Association (CCSA) launched a national anti-spam campaign on June 21, reports Nanfang Daily. An insider at ISC said MII has set up a hotline at 01-12321 for spam-related tip-offs and is preparing to send out one million anti-spam notices.
The report said that professional training will be offered for 1,000 email administrators and that 20,000 anti-spam volunteers will be recruited.
This news item was accessed through Slashdot Newslog.

Wednesday, June 21, 2006
United Kingdom's Ofcom is currently working on a publication examining various national and international approaches to protecting consumers on the internet.
Coinciding with this publication, the regulator will hold a seminar that will allow stakeholders to examine the results of Ofcom's survey, hear the views of Internet industry stakeholders and discuss what can be done in the future to better protect consumers on the Internet. That Ofcom is organising such an event is a measure of the challenge posed to both regulator and consumer by the growth of net services and the collision of the highly regulated world of broadcasting with the virtually unregulated world of the internet.
This news item was accessed through Roger Darlington's CommsWatch blog.

Thursday, June 15, 2006
According to a recently released article by CircleID, the United Kingdom is today one of the main targets worldwide of organized crime groups engaged in phishing. CircleID estimates that phishing damages worldwide will amount to about two billion USD in 2006 -- not counting risk management measures such as preventative measures, counter-measures, incident response and PR damages.
In most cases, phishing succeeds through the fault of users, who enter the wrong web page, fail to keep their computers secure or fall for cheap scams. Often this is due to a lack of awareness or ability in Internet use rather than incompetence on the users' part.
For more information see CircleID article on Phishing: Competing on Security.

Tuesday, June 13, 2006
A news release by the Japanese MIC announces the signing of a "Joint Statement between France and Japan, Concerning Cooperation in the Field of Anti-spam Policies and Strategies".
Particular areas of cooperation will include:
- Exchanging information about anti-spam activities such as anti-spam policies and strategies, as well as technical and educational solutions to spam, including mobile spam;
- Encouraging the adoption of effective anti-spam technologies and network management practices by French and Japanese Internet service providers and major business network managers, and further cooperation between government and private sectors;
- Supporting French and Japanese marketers or bulk email senders in adopting spam-free marketing techniques;
- Identifying and promoting user practices and behaviours which can effectively control and limit spam and supporting the development of public relations and awareness campaigns for the multi-stakeholders to foster increased adoption of anti-spam practices and behaviours by end users in France and Japan;
- Cooperating to strengthen anti-spam initiatives being considered in international forum.
More information can be found here.
[Via APCAUCEWiki News]

Wednesday, June 07, 2006

Friday, June 02, 2006
Do not panic if your data is hidden by virus writers demanding a ransom. A woman from Greater Manchester has become a victim of an internet scam in which hackers hijack computer files and blackmail owners to get them back.
More information can be found here.

Tuesday, May 30, 2006

Monday, May 22, 2006
The April MessageLabs Intelligence Report includes analysis of the threat landscape during the first quarter of 2006. Overall, threat levels remained largely stable with previous months, with the U.S. continuing to play the role as the largest source of malware, spam and phishing attacks, hosting 18.1 percent of the world’s compromised (zombie) computers in the first quarter of 2006 (down from a high of 44 percent in Q2 05).
More information can be found here.
Use the Internet at home and you have a 1-in-3 chance of suffering computer damage, financial loss, or both because of a computer virus or spyware that sneaks onto your computer. That's one of the unsettling conclusions from the 2005 Consumer Reports State of the Net survey of online consumers.
More information can be found here.

Thursday, May 18, 2006
In a press release today, ITU announced a global opinion survey to assess trust of online transactions and awareness of cybersecurity measures. The survey was conducted by ITU in conjunction with World Telecommunication Day, celebrated on 17 May to commemorate the founding of ITU in 1865. The theme chosen this year — Promoting Global Cybersecurity — aims to highlight the serious challenges of ensuring the safety and security of networked information and communication systems.
The announcement of the results of the survey coincides with the launch of an ITU Cybersecurity Gateway portal. The portal is a global online reference source of national cybersecurity initiatives and websites around the world and provides an integrated platform for sharing cybersecurity related information and resources. Presenting information tailored to four specific audiences: citizens, businesses, governments, and international organizations, the portal also provides information resources on topical cybersecurity concerns such as spam, spyware, phishing, scams and frauds, worms and viruses, denial of service attacks, etc.
With thousands of links to relevant materials, ITU intends to constantly update the portal with information on cybersecurity initiatives and resources gathered from contributors around the globe. For example, a number of countries are now ramping up national critical information infrastructure protection (CIIP) programmes and sharing information on these initiatives through the portal can assist both developed and developing economies in promoting global cybersecurity.
These efforts highlight work being carried out as follow-up to the World Summit on the Information Society (WSIS) Action line C5 dealing with "Building confidence and security in the use of ICT", for which ITU is the facilitator/moderator.
Update: UN Secretary-General Kofi Annan has made the following statement in conjunction with World Telecommunication Day giving his perspectives on promoting global cybersecurity.
The Filipino telecoms watchdog, the National Telecommunications Commission (NTC), says it will revoke the mobile licence of any operator found guilty of breaking its guidelines on unsolicited broadcast messaging via SMS. The amended rules and regulations also require content providers – alleged to have sent out spam promos to subscribers – to register with the NTC.
This will serve as the basis of an application with the Department of Trade and Industry that grants permits to allow companies to advertise promos. Mobile phone operators and content providers risk being blacklisted if found guilty of violating the agency’s rules.
More information can be found here.
The Draft Amendment to the Rules and Regulations on Broadcast Messaging Service is available here.

Wednesday, May 17, 2006
17 May 2006 - A global opinion survey to assess trust of online transactions and awareness of cybersecurity measures was conducted by ITU in conjunction with World Telecommunication Day, celebrated on 17 May to commemorate the founding of ITU in 1865. The theme chosen this year - Promoting Global Cybersecurity - aims to highlight the serious challenges of ensuring the safety and security of networked information and communication systems.
The announcement of the results of the survey coincides with the launch of an ITU Cybersecurity Gateway portal. These efforts also highlight work being carried out as follow-up to the World Summit on the Information Society (WSIS) Action line C5 dealing with "Building confidence and security in the use of ICT", for which ITU is the facilitator/moderator.

Tuesday, May 09, 2006
Mobile Industry Outlook 2006, a new 180-page report from Informa Telecoms & Media, answers the most significant questions facing today's mobile operators, equipment vendors and handset vendors as they seek to plan their strategy in 2006.
The report is available here.

Friday, May 05, 2006
Singapore’s mobile users – 99.8% of Singapore’s population, according to the Infocomm Development Authority’s (IDA) February 2006 stats – will have more protection against mobile spam in the future. IDA has put its foot down on this issue, warning of “swift enforcement” of penalties should mobile operators continue to fail to resolve mobile spam issues satisfactorily.
A strong warning letter was sent to SingTel, StarHub and M1, the three mobile operators in Singapore. In addition, IDA decided to make an example of errant content operator mTouche in the highly publicized mTouche spam case. Between 30th January and 5th February this year, 300,000 mobile end users were billed S$1 for unsolicited SMSes sent by mTouche through the three telcos.
More information can be found here.
China has introduced regulations that make it illegal to run an email server without a licence. The new rules, which came into force two weeks ago, mean that most companies running their own email servers in China are now breaking the law. The new email licensing clause is just a small part of a new anti-spam law formulated by China's Ministry of Information Industry (MII).
The impact on corporate email servers, which are commonly used by companies with more than a handful of employees, appears to have gone unnoticed until now. However, Singapore-based technology consultant, James Seng, who first drew attention to the new email licence requirement, believes the inclusion of the prohibition on mail servers is no accident.
More information can be found here.

Thursday, May 04, 2006
The "Survey on Industry Measures taken to comply with National Measures implementing Provisions of the Regulatory Framework for Electronic Communications relating to the Security of Services" conducted by the Technical Department of ENISA, Section Security Policies is available here.

Monday, May 01, 2006
A new wave of spam could be on the way that tricks recipients by looking like it’s a message sent from their friends' e-mail address. This sort of spam would bypass even those filters that currently weed out 99% of the bad stuff, says John Aycock, an assistant professor of computer science at the University of Calgary.
Aycock and student Nathan Friess conducted research and wrote a paper dubbed "Spam Zombies from Outer Space" to show that generating such customized spam -- such as in the form of e-mail replies -- would not be too difficult, as has been assumed in the past. Spammers have leaned toward bulk e-mail generation that is less customized.
More information can be found here.

Friday, April 28, 2006
In a press release, the European Commission has indicated its views on follow-up to the international policy commitments made at WSIS:
To keep up the momentum of the successful World Summit on Information Society (Tunis, 16-18 November 2005), the European Commission has set out today its priorities for implementing the international policy commitments made at the Summit. These priorities include safeguarding and strengthening human rights, in particular the freedom to receive and access information. Information and communication technologies (ICTs) should be used to contribute to open democratic societies and to economic and social progress worldwide. The Commission calls for continuing international talks to improve Internet governance through the two new processes created by the Summit: the multi-stakeholder Internet Governance Forum and the mechanism of enhanced cooperation that will involve all governments on an equal footing.
The EC has also issued a FAQ on Internet Governance.

Thursday, April 27, 2006
Via Schneier on Security comes news of a Kaspersky Labs report on extortion scams using malware:
We've reported more than once on cases where remote malicious users have moved away from the stealth use of infected computers (stealing data from them, using them as part of zombie networks etc) to direct blackmail, demanding payment from victims. At the moment, this method is used in two main ways: encrypting user data and corrupting system information.
Users quickly understand that something has happened to their data. They are then told that they should send a specific sum to an e-payment account maintained by the remote malicious user, whether it be EGold, Webmoney or whatever. The ransom demanded varies significantly depending on the amount of money available to the victim. We know of cases where the malicious users have demanded $50, and of cases where they have demanded more than $2,000. The first such blackmail case was in 1989, and now this method is again gaining in popularity.
In 2005, the most striking examples of this type of cybercrime were carried out using the Trojans GpCode and Krotten. The first of these encrypts user data; the second restricts itself to making a number of modifications to the victim machine's system registry, causing it to cease functioning.

Monday, April 24, 2006
Looking back, 2005 saw a rise in profit-driven attacks. These were reflected by phishing, which now represents as much as one percent of the global e-mail traffic and is far more effective than spamming.
Viruses, worms, and malicious software are becoming part and parcel of information and communications technology. According to Trend Micro's report, called Virus and Spam Roundup 2005 and Predictions for 2006, this year will see more spy phishing and spear phishing on the Internet.
More information can be found here.
Though the United States is making progress in the war on unsolicited commercial e-mail, or spam, it still generates more than any other nation in the world, according to recent statistics from Sophos, a provider of anti-malware solutions.
Sophos ranked spam outputs of the top 12 countries and top six continents based on messages it received in its “global network of spam traps” between January and March, according to the group’s release.
More information can be found here.

Thursday, April 20, 2006
The Federal Trade Commission (FTC) joined 29 other countries in calling for increased cooperation between nations in combating spam. The FTC signed off on a set of anti-spam recommendations by the Organization for Economic Cooperation and Development (OECD), a coalition of 30 countries organized to promote economic growth and trade.
More information about OECD activities on countering spam can be found here.
Please click here to read the article.

Wednesday, April 19, 2006
The third edition of the International Critical Information Infrastructure Protection (CIIP) Handbook focuses on key aspects of CIIP related to security policy.
The CIIP Handbook is the product of a joint effort within the Comprehensive Risk Analysis and Management Network (CRN) partner network. The CRN is run by the Center for Security Studies (CSS) at the Swiss Federal Institute of Technology (ETH Zurich) and is a member of the Center for Comparative and International Studies (CIS).
"The first (2002) edition of the CIIP Handbook contained an inventory of protection policies in eight countries (Australia, Canada, Germany, the Netherlands, Norway, Sweden, Switzerland, and the United States) and their methods employed for CII assessment. The second edition (2004) included an update of existing surveys and covered six additional countries (Austria, Finland, France, the United Kingdom, Italy, and New Zealand) as well as international protection efforts."
"The latest version continues the tradition of the past two editions, while its scope has been extended: not only has the country survey section been further expanded with a specific focus on Asia by including India, Japan, the Republic of Korea, Malaysia, Singapore, and Russia, but it is also accompanied by a second volume with in-depth analysis of key issues related to CIIP."
Please click here to read more about the 2006 CIIP Handbook.
Volume 1 of the 2006 CIIP Handbook can be downloaded here.
Volume 2 of the 2006 CIIP Handbook can be downloaded here.
The United States National Science and Technology Council (NSTC), a Cabinet-level Council that coordinates science and technology policies across the Federal Government, on April 17th, 2006, released the Federal Plan for Cyber Security and Information Assurance Research and Development.
"This report sets out a framework for multi-agency coordination of Federal R&D investments in technologies that can better secure the interconnected computing systems, networks, and information that together make up the U.S. information technology (IT) infrastructure."
"This country’s IT infrastructure – which includes not only the public Internet but also the networking and IT systems that control critical infrastructures ranging from power grids to emergency communications systems – is vital not only to our national and homeland security but to our economic security," said John H. Marburger III, Science Adviser to the President and Director of the Office of Science and Technology Policy (OSTP). "This report provides a blueprint for coordination of Federal R&D across agencies that will maximize the impact of investments in this key area of the national interest."
The Plan was prepared by the Interagency Working Group (IWG) on Cyber Security and Information Assurance (CSIA), whose members represent more than 20 government organizations. The CSIA IWG operates under the auspices of the NSTC’s Subcommittee on Infrastructure and Subcommittee on Networking and Information Technology Research and Development (NITRD).
The Federal Plan for Cyber Security and Information Assurance Research and Development is available through the NITRD Program Web site.
Please see the recent Press Release and the Federal Plan for further details on these activities.

Monday, April 03, 2006
China’s Ministry of Information Industry has adopted the Measures for the Administration of Internet E-mails. The regulations, which took effect from 30 March 2006, are designed for email service providers and apply to any person operating an email service for Internet users in Mainland China.
The regulations are as follows:
- A provider is defined as any person in the service supply chain involved in delivering or helping users to receive email;
- Service providers must register with the government and obtain a license before providing email services;
- Violators face warnings or penalties of up to 30,000 yuan (approx. $3,700 US) and risk losing their license;
- Firms are barred from sending unsolicited commercial messages without prior consent from recipients;
- All commercial email must have a subject header of “AD” or the Chinese character for advertisement;
- The rules only apply to email containing commercial advertisements;
- The rules state that providers must stop delivery of any messages containing commercial advertisements even if a recipient first consents, but later changes his or her mind.
A copy of the rules (in Chinese) can be found here.

Friday, March 31, 2006
The Federal Trade Commission and members of the International Consumer Protection and Enforcement Network (ICPEN) are meeting in Jeju, Korea, on March 26-28, to discuss the progress of international efforts to combat cross-border fraud and explore new international initiatives to protect consumers around the world.
The FTC’s participation in ICPEN is one part of the agency’s ongoing effort to combat a rising number of cross-border fraud complaints from American consumers. ICPEN members discussed the results of a recent Internet surf for Web sites that are “hidden traps online.”
Over 30 countries participated in the international surf. In the United States, the focus was on Web sites with fraudulent claims advertising “miracle cures” for diabetes, with the FTC, FDA, and several state Attorneys General offices participating.
The FTC and its partners reviewed over 1,000 Web sites and identified over 150 with potentially misleading diabetes claims. The FTC will follow up by sending warning letters to Web sites that appear to have deceptive or false claims.
More information can be found here.

Wednesday, March 29, 2006
Activités de l’UIT dans la Lutte contre le SPAM, PDF, Cristina Bueti, ITU Strategy and Policy Unit, 21 March 2006, presented at the workshop on "Lutte contre le SPAM" (Rabat, Morocco).
The fight against spam, phishing and e-mail fraud should focus on economic incentives and aiding law enforcement, according to attendees at a conference examining the problem this week. Speakers at MIT's 2006 Spam Conference were notably cognizant of the recent proposals of white lists and AOL's Goodmail, a pay per e-mail service offering preferential treatment in e-mail delivery for marketers.
More information can be found here.

Tuesday, March 28, 2006
World Telecommunication Day (WTD) commemorates the founding of ITU on 17 May 1865. This year, WTD could carry added significance as 17 May has been identified by the Tunis phase of the World Summit on the Information Society as “World Information Society Day”.
While World Information Society Day is yet to be proclaimed, ITU, as the leading ICT agency of the UN system, upholds the idea and looks forward to its members to raise awareness of the role of ICT in achieving the development goals of all people.
For WTD 2006, the ITU Council chose the theme of Promoting Global Cybersecurity to highlight the serious challenges we face in ensuring the safety and security of networked information and communication systems.
In today’s interconnected and increasingly networked world, societies are vulnerable to a wide variety of threats, including deliberate attacks on critical information infrastructures with debilitating effects on our economies and on our societies. In order to safeguard our systems and infrastructure and in order to instill confidence in online trade, commerce, banking, telemedicine, e-government and a host of other applications, we need to strengthen the security practices of each and every networked country, business, and citizen, and develop a global culture of cybersecurity.
The urgency of promoting cybersecurity has been called for by the ITU Plenipotentiary Conference in 2002, the World Telecommunication Standardization Assembly (WTSA-2004) as well as the United Nations General Assembly (resolutions 58/199, 2004, and 57/239, 2002).
Invitations to organize national programmes in the context of promoting the theme Promoting Global Cybersecurity for WTD 2006 were sent to all ITU Member States and ITU Sector Members. Sector Members represent over 647 public and private companies and organizations with an interest in telecommunications. Also in conjunction with WTD 2006, the ITU is conducting a survey of cybersecurity trust and awareness. A list of links to the related materials includes:
Internet service providers could face huge fines if they do not provide spam filtering or impose email sending limits under new rules set down by a communications watchdog. The Australian Communications and Media Authority (ACMA) today registered the world's first legislative code of practice for internet and email service providers.
More information can be found here.
At a technology forum in Brussels hosted by EuroISPA - the European Internet Services Providers Association, and co-sponsored by Interpol, Neil Holloway, president, Microsoft (Europe, Middle East and Africa), inaugurated a global law enforcement campaign targeted at cybercriminals responsible for phishing attacks.
This is part of Microsoft's larger program, dubbed the Global Phishing Enforcement Initiative (GPEI), which aims at co-ordinating and expanding the company's anti-phishing efforts globally.
More information can be found here.

Monday, March 27, 2006

Wednesday, March 22, 2006

Wednesday, March 15, 2006
The Direction du Développement des Médias (France), the Agence Nationale de Réglementation des Télécommunications (Morocco), the Institut Francophone des Nouvelles Technologies de l’Information et de la Formation (Francophonie) and the Service Public Fédéral Economie, PME, Classes moyennes et Energie (Belgium) are jointly organizing a workshop on the "Fight against Spam".
The workshop will be held in Rabat (Morocco) from 22 to 23 March 2006.
More information can be found here.
Click here to see the agenda.

Tuesday, March 14, 2006
"The case for promoting a global culture for cybersecurity was strongly emphasized at the World Telecommunication Development Conference (WTDC) during an information session for participants conducted by ITU on Friday.
ITU pointed out that in an increasingly interconnected and networked world our societies are vulnerable to a wide variety of threats, including deliberate attacks on critical information infrastructures with debilitating effects on our economies and on our societies. In order to safeguard our systems and infrastructure, we need to strengthen our collective cybersecurity.
As this depends on the security practices of each and every networked country, business, and citizen, we need to develop a global culture of cybersecurity. According to ITU, cybersecurity is critical in the use and development of ICT. The lack of adequate security is an obstacle for using ICTs that rely on the protection and confidentiality of sensitive data. Unless these security and trust issues are addressed, the benefits of the Information Society to governments, businesses and citizens cannot be fully realized.
The information session was aimed at raising awareness on this very important subject and to contribute to bridging the information and knowledge divide between and within countries.
At that session, ITU launched a new reference guide on Cybersecurity for Developing Countries and informed delegates of ITU’s initiative in Promoting Global Cybersecurity as the theme for World Telecommunication Day on 17 May this year. ITU will also assist developing and least developed countries in increasing cybersecurity and will conduct workshops and seminars to enable countries to exchange ideas and discuss common issues." [Via WTDC 2006 Highlights]
For more information about the World Telecommunication Development Conference (WTDC), please click here.

Thursday, March 09, 2006
Microsoft founder Bill Gates said in 1998 that spam was "an annoying and sometimes destructive use of the Internet's unprecedented efficiency." Gates communicated the problem. The makers of Spam Cube created the solution.
The launch of Spam Cube gives everyday personal computer users a revolutionary new tool in the battle against unwanted email. Working in harmony with every operating system and nearly all email providers, Spam Cube protects up to four home computers with its breakthrough anti-spam technology. A technology spawned by the frustration felt by computer users worldwide, forced to endure invasive junk e-mail campaigns.
For more information, please click here.
Including data from some of the world's largest Internet Service Providers, MAAWG (Messaging Anti-Abuse Working Group) has developed its first metrics report outlining the scope of the problem and validating that approximately 85 percent of Internet traffic today is abusive email.
The report, "MAAWG Email Metrics Program: The Network Operators' Perspective," provides data for the fourth quarter of 2005 and will continue to be updated on a quarterly basis as an objective tool for tracking the industry's efforts at controlling abusive email.
For more information, please click here.

Wednesday, March 08, 2006
Efforts by governments to counter internet spam by tracking down and prosecuting spammers have had limited impact and require far more resources than most countries can muster, the United Nations telecoms agency (ITU) warned on Tuesday.
It says in a report that while all countries need anti-spam legislation so that spammers have nowhere to hide, a more effective approach would be to require the establishment of enforceable codes of conduct by internet service providers (ISPs).
For more information about the article, please click here.
For more information about the report "Stemming the International Tide of Spam", please click here.

Saturday, March 04, 2006
According to a press release from the UN, the UN Secretary-General has decided to establish a small Secretariat in Geneva to assist in the convening of the Internet Governance Forum (IGF). The Secretary-General was asked by the World Summit on the Information Society, held in Tunis in November, to convene such a Forum for multi-stakeholder policy dialogue.
Nitin Desai, the Secretary-General’s Special Adviser for the Summit, held open consultations on 16 and 17 February in Geneva aimed at reaching a common understanding on how the Forum should function. Those discussions produced a consensus that the IGF should have a strong development orientation. It was also felt that the Forum should be open and inclusive, and allow for the participation of all interested stakeholders with proven expertise and experience in Internet-related matters.
The Secretariat will be headed by Markus Kummer, who has been the Executive Coordinator of the Secretariat of the Working Group on Internet Governance, which was established by the Secretary-General at the request of the first phase of the Summit, in Geneva in 2003. The first meeting of the Forum is expected to take place later this year in Athens, Greece from October 30 - November 2 2006.
On a separate issue, the Secretary-General has also decided to ask Mr. Desai to consult informally on how to start a process aimed at enhancing cooperation on international public policy issues related to the Internet. The Summit had requested the Secretary-General to start such a process in paragraphs 69-71 of the WSIS Tunis Agenda for the Information Society.

Thursday, March 02, 2006
Recognising the importance of electronic interdependencies, India and the United States on Thursday agreed for greater cooperation to protect electronic transactions and critical infrastructure from cyber crime.
"The two sides recognised the importance of capacity building in cyber security and greater cooperation to secure their growing electronic interdependencies, including to protect electronic transactions and critical infrastructure from cyber crime, terrorism and other malicious threats," the Indo-US joint statement said.
For more information, please click here.
Soon PC users could be literally stamping out spam instead of hitting the delete key.
"Many information workers spend a majority of their time trapped at their desk dealing with e-mail," said Brian Meyers, from the Step User Interface Project Group who helped develop the prototype.
For more information, please click here.

Wednesday, March 01, 2006
On Tuesday, the anchors of the coalition – the Electronic Freedom Foundation and Free Press -- hosted a national conference call asking for allies to unite to fight AOL's "e-mail tax."
Under the banner of DearAOL.com, a total of fifty organizations, including MoveOn.org, Civic Action, Gun Owners of America, The Association of Cancer Online Resources and Craig Newmark of Craigslist.com joined in to offer up a number of explanations as to why such a "pay-to-send" policy would harm the Internet forever.
For more information, click here.
See also "The Future of Some Email May Not Use Email".
Symantec launches a new Internet security barometer that gives consumers clues on which online activities are currently safest. But unlike rival security meters, Symantec's new Internet Threat Meter breaks out current risks by activity: e-mail, Web browsing, instant messaging, and file sharing.
For more information, please click here.
Three civil suits were filed under Virginia's new anti-phishing statute, the Federal Lanham Act, marking the first time an ISP has used the new law.
For more information, please click here.

Tuesday, February 28, 2006
APCAUCE's 2006 meeting was organized in Perth, Australia in conjunction with the APRICOT Conference. The Regional Update meeting was on Sunday 26 February 2006, and APCAUCE (Asia Pacific Coalition Against Unsolicited Commercial Email) will also organize an antispam technical conference track as part of APRICOT on 1 March 2006.
For more information, please click here.
This publication, with a foreword by Nitin Desai, provides an overview of the key debates on Internet governance. It presents the work of the Open Regional Dialogue on Internet Governance, an Asia-Pacific Development Information Programme (APDIP) initiative that has collected perspectives from regional experts and end users.

Monday, February 27, 2006
The Japan E-mail Anti-Abuse Group (JEAG), a working group founded by Japan's ISPs and mobile operators to counter spam, has drafted a list of recommendations for the reference of companies and mail server system administrators that are considering counter-spam measures. The recommendations include information on introducing effective technological counter-measures and working policies to eliminate spam.
For more information, please click here.

Sunday, February 26, 2006
Since Yahoo first proposed its DomainKeys authentication standard for email (DKIM), AOL has played coy. That strategy has apparently served the uber-ISP well, as it has been extended indefinitely.
In a standing-room-only webinar courting direct marketers, AOL speaker Nicholas Graham was asked when the firm will get around to adopting DKIM's cryptographic-based technology. Christine Blank of DMNews reports Graham responded, "We will have to wait and see. The facts are still out."
For more information, please click here.
Commtouch has announced spam and computer virus statistics for the month of January 2006. The data is based on information continuously gathered by the Commtouch Detection Center, which analyzed more than 2 billion messages from over 130 countries during the month of January.
For more information, please click here.
Liberal political action group MoveOn.org is organizing a petition drive against America Online's certified email service, whereby advertisers could pay a per-message fee to guarantee their messages will bypass AOL's spam filtering technologies and be delivered directly to AOL users.
MoveOn.org claims the service amounts to an "email tax": it grants large email senders preferential access to AOL users' mailboxes while leaving other email users (like small businesses, friends, family members, charities, and co-workers) in the dark, wondering if their mail will get through.
For more information, please click here.
Ahmed Bin Ali, Manager Corporate Communications, Etisalat, said: 'We are happy to make this option available to all our valued customers, and we are empowering them to be able to decide what content they receive and from whom. Our customers have shown interest in a service like this, and we have taken all the steps to make this option available at the earliest.'
For more information, please click here.

Thursday, February 23, 2006
In line with paragraph 108 and the Annex of the Tunis Agenda for the Information Society, a consultation is being held on 15-16 May 2006, at ITU Headquarters in Geneva, on WSIS Action Line C5: Building Confidence and Security in the use of ICTs. The purpose of the meeting is to discuss the WSIS multi-stakeholder implementation process for Action Line C5.
The meeting is open to all WSIS stakeholders that are interested and involved in the implementation process in the field of building confidence and security in the use of ICTs.
A draft agenda for the consultation on WSIS Action Line C5 Facilitation and the invitation letter to the meeting from ITU Secretary-General Yoshio Utsumi can be viewed on the WSIS C5 Implementation website.
More information on the activities related to WSIS implementation and follow-up can be viewed here.

Wednesday, February 22, 2006
China's Ministry of Information Industry launched its anti-spam center, www.anti-spam.cn, today as part of its net safety efforts. There are also ongoing efforts to enhance its email management sometime between March and April 2006.
Additionally, the Chinese government issued a regulation on the management of emails, which will take effect on 30 March 2006. Sending advertisement emails without the receiver's permission is banned, according to this new regulation.
For more information, click here

Friday, February 17, 2006
At the behest of the GSM Association (GSMA), fifteen network operators have founded a joint initiative against the spread of spam via mobile communications networks and published a "Code of Practice" (PDF file).
The initiative is focusing on spam sent as a text message or MMS, which has been divided into three categories: first, advertising that the cell phone user did not request; second, messages that directly or indirectly lead to calls of expensive premium services; and third, fraudulent content, such as the spoofs familiar to users of fixed Internet.
For more information, click here.

Thursday, February 16, 2006
OECD Scoping Study for the Measurement of Trust in the Online Environment:
Creating an online environment which builds on trust among users of ICT networks is an increasing priority for business, industry and governments and has been on the OECD agenda since the late 1990s. The aim of this report is to undertake a review of the data available from official, semi-official and private sources which can assist in informing developments and progress in this area. There is a need to be able to use relevant data to assess the effectiveness of public and private initiatives aimed at building trust among users.

Wednesday, February 15, 2006
Circle ID has an interesting piece entitled Internet Governance: An Antispam Perspective by Meng Wong, who is known for his work on the email authentication mechanism SPF*:
I believe that we must move to a default-deny model for email to solve phishing; at the same time we must preserve the openness that made email the killer app in the first place. The tension between these poles creates a tremendous opportunity for innovation and social good if we get things right, and for shattering failure if we get things wrong.
* SPF is derived from original concept work by Paul Vixie which is now also the core of Microsoft's Sender ID.

Wednesday, February 08, 2006
Via Schneier on Security comes a pointer to an interesting paper entitled Introduction to Petname Systems.
Zooko's Triangle [Zooko] argues that names cannot be global, secure, and memorable, all at the same time. Domain names are an example: they are global, and memorable, but as the rapid rise of phishing demonstrates, they are not secure.
For background reading, see Zooko: Names: Decentralized, Secure, Human-Meaningful: Choose Two, Waterken YURL: Naming vs. Pointing and the Petnames Markup Language.
To summarize, you cannot have a namespace which is all three of: 1. decentralized (which is the same as saying that the namespace spans trust boundaries), 2. secure in the sense that an attacker cannot cause name lookups to return incorrect values that violate some universal policy of name ownership, and 3. using human-memorizable keys.
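The trade-off summarized above is what a petname system works around: each user keeps a private table that binds a secure key to a name they chose themselves. The sketch below is an added example, not code from the paper or the posts linked here; the terms key, nickname and petname follow the petname literature, while `PetnameStore`, `fingerprint` and the sample keys are hypothetical and constructed.

```python
import hashlib


def fingerprint(public_key: bytes) -> str:
    """Key: global and secure, but not memorable (hash of a public key)."""
    return hashlib.sha256(public_key).hexdigest()


class PetnameStore:
    """Per-user table binding keys to names the user chose (petnames).

    Petnames are secure and memorable but only meaningful locally.
    Nicknames are names a remote party proposes for itself: global and
    memorable, but anyone can claim any nickname.
    """

    def __init__(self):
        self.by_key = {}   # fingerprint -> petname as the user typed it
        self.by_name = {}  # normalized petname -> fingerprint

    @staticmethod
    def norm(name):
        # Collapse whitespace and case so "My  Bank" and "my bank" collide.
        return " ".join(name.split()).casefold()

    def assign(self, key, petname):
        """Bind a petname to a key; one petname never maps to two keys."""
        n = self.norm(petname)
        owner = self.by_name.get(n)
        if owner is not None and owner != key:
            raise ValueError("petname %r is already bound to another key" % petname)
        old = self.by_key.pop(key, None)
        if old is not None:
            del self.by_name[self.norm(old)]
        self.by_key[key] = petname
        self.by_name[n] = key

    def resolve(self, petname):
        """Look a petname up; returns the bound key or None."""
        return self.by_name.get(self.norm(petname))

    def describe(self, key, nickname):
        """Decide what a UI should show for a key that arrives with a nickname."""
        if key in self.by_key:
            # Known key: always show the user's own name, ignore the nickname.
            return ("trusted", self.by_key[key])
        if self.norm(nickname) in self.by_name:
            # Unknown key claiming a name the user gave to someone else.
            return ("conflict", nickname)
        return ("unverified", nickname)


# Constructed sample keys (not real key material).
KEY_A = fingerprint(b"constructed-public-key-1")
KEY_B = fingerprint(b"constructed-public-key-2")

if __name__ == "__main__":
    store = PetnameStore()
    store.assign(KEY_A, "My Bank")
    print(store.describe(KEY_A, "Any Nickname"))
    print(store.describe(KEY_B, "my bank"))
    print(store.describe(KEY_B, "Some Shop"))
```

The "conflict" result is the case phishing relies on: a familiar name presented by a key the user never bound it to.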

Monday, February 06, 2006
An article featured in Technology Review, "A Tangle of Wires", discusses the United States’ approach to cybersecurity.
Among other things it states that: "The major problems in Internet security [many of which are detailed in "The Internet Is Broken"], are nowhere close to being addressed at the federal level, and what little is being done is on the wrong track, favoring summits, partnerships, and "information sharing" over the much more necessary but less visible work of long-term research and development."
The article also points to two reports: "Critical Infrastructure Protection: Department of Homeland Security Faces Challenges in Fulfilling Cybersecurity Responsibilities," a report presented by the U.S. Government Accountability Office to Congress in May 2005. It contends that "While DHS has initiated multiple efforts, it has not fully addressed any of the 13 key cybersecurity-related responsibilities that we identified...and it has much work ahead in order to be able to fully address them."
And "Cyber Security: A Crisis of Prioritization," "prepared by the President's Information Technology Advisory Committee (PITAC) and delivered to the executive branch in February 2005." This report does, according to the article, "in its way offer a solution to the long-term problem of cybersecurity."
View Technology Review for the full article.

Sunday, February 05, 2006
According to an article in the IHT, companies will soon have to buy the electronic equivalent of a postage stamp if they want to be certain that their e-mail will be delivered to many of their customers.
America Online and Yahoo, two of the world's largest providers of e-mail accounts, are about to start using a system that gives preferential treatment to messages from companies that pay from a quarter of a cent to 1 cent each to have them delivered. The Internet companies say this will help them identify legitimate mail and cut down on junk e-mail, identity-theft scams and other scourges of users of their services.

Thursday, February 02, 2006

Wednesday, January 25, 2006

Tuesday, January 24, 2006

Friday, December 23, 2005
Tides in Communication Politics? About Shifting Involvements and Technologies of Freedom and the Relevance of Albert Hirschman and Ithiel de Sola Pool for Today’s Communication Studies, by Willem Hulsink, former editor of Trends in Communications.
So like the tides, we can see swings of involvement in shaping the information and communication technologies of the past and the future: initially these technologies are mechanisms of freedom, questioning existing roles and practices, and keeping the hope alive for a better world, but at a later stage, when we realize both their possibilities and complications in real life, these technologies may end in the regulatory domain, provided that they generate perverse effects (e.g. one of Internet’s byproducts, unsolicited mail – spam – is now being addressed by the regulators).

Tuesday, December 20, 2005
The Net's basic flaws cost firms billions, impede innovation, and threaten national security. It's time for a clean-slate approach, says MIT's Dave Clark. This article, the cover story in Technology Review’s December 2005/January 2006 print issue, is divided into three parts: Part 1, Part 2, Part 3. [via James Seng]

Tuesday, November 22, 2005

Friday, November 18, 2005
Today the French Government organized a workshop on spam at the World Summit on the Information Society with the support of the European Presidency and the European Commission. On this occasion, France, Morocco and the Francophone Institute of New Information and Training Technologies (INTIF - OIF) announced the organisation of the first francophone anti-spam workshop, to be held in Rabat at the beginning of 2006.
Presentations will be available soon at the ITU/SPU website on Spam.

Wednesday, November 16, 2005
The WSIS Stocktaking Report has been officially launched during the World Summit on the Information Society in Tunis. The report has been prepared on the basis of activities entered in the WSIS Stocktaking Database, which by November 2005 contained more than 2500 entries.

For the launch presentation see Stocktaking.pdf (1.47 MB).
For the WSIS Stocktaking Database see here.
Yesterday the Honourable Anne McLellan, Deputy Prime Minister and Minister of Public Safety and Emergency Preparedness, introduced legislation on the lawful interception of communications. The Modernization of Investigative Techniques Act (MITA) will ensure that the law enforcement community and the Canadian Security Intelligence Service (CSIS) maintain their ability to investigate crime and terrorism in the face of rapidly evolving communications technology.
“Currently, under the law, police and CSIS can only intercept communications with authorization. This Act will not change that,” said the Deputy Prime Minister. “However, that authorization may be of no effect if companies do not have the technical ability to intercept new communications technology. This legislation will ensure that criminals can no longer take advantage of new technologies to hide their illegal activities from the law.”
Click here to read more.
The final documents submitted to the second phase of WSIS being held 16-18 November 2005 in Tunis have been posted. They are:
In The Tunis Agenda for the Information Society, paragraphs 3-28 relate to Financial Mechanisms for Meeting the Challenges of ICTs for Development, paragraphs 29-82 relate to Internet Governance, and paragraphs 83-122 relate to Implementation and Follow-up.

Friday, November 11, 2005
An article on BBC News discusses the new UNCTAD Information Economy Report 2005 and says the costs of fast net access and linking up to the internet's global infrastructure hit poorer nations much harder than developed countries. Chapters in the report include:
- ICT indicators for development; Trends and measurement issues
- International Internet backbone connectivity: Issues for developing countries
- E-credit information, trade finance and e-finance: Overcoming information asymmetries
- Taking off: E-tourism opportunities for developing countries
- Information technology and security: Risk management and policy implications
- Protecting the information society: Addressing the phenomenon of cybercrime

Wednesday, November 09, 2005
The Belgian Federal Public Service Economy, SMEs, Self-employed and Energy has published a brochure on spam named “Spamming: 24 questions & answers”.
The brochure aims to raise awareness among people affected by spam. It covers the spamming issue, the applicable spamming regulations in Belgium, advice to follow in order to cope with this phenomenon, and the authorities competent to receive complaints.
Click below to download the brochure available in four languages: English; French; German; Dutch

Sunday, November 06, 2005
For the upcoming Global Symposium for Regulators (GSR) to be held in Hammamet, Tunisia, 14-15 November 2005, just before the second phase of the World Summit on the Information Society (WSIS), the ITU has released a paper by John Palfrey entitled Stemming the International Tide of Spam: a Draft Model Law, which will be presented at the GSR:
This discussion paper primarily takes up the question of what – beyond coordinating with technologists and other countries’ enforcement teams and educating consumers – legislators and regulators might consider by way of legal mechanisms. First, the paper takes up the elements that might be included in an anti-spam law. Second, the paper explores one alternative legal mechanism which might be built into an anti-spam strategy, the establishment of enforceable codes of conduct for Internet Service Providers (ISPs). Third, this paper also examines a variant of the legal approach where ISPs are formally encouraged by regulators to develop their own code of conduct. ISPs should be encouraged to establish and enforce narrowly-drawn codes of conduct that prohibit their users from using that ISP as a source for spamming and related bad acts, such as spoofing and phishing, and not to enter into peering arrangements with ISPs that do not uphold similar codes of conduct. Rather than continue to rely upon chasing individual spammers, regulators in the most resource-constrained countries in particular would be more likely to succeed by working with and through the ISPs that are closer to the source of the problem, to their customers, and to the technology in question. The regulator’s job would be to ensure that ISPs within their jurisdiction adopt adequate codes of conduct as a condition of their operating license and then to enforce adherence to those codes of conduct. The regulator can also play a role in sharing best practices among ISPs and making consumers aware of the good works of the best ISPs. While effectively just shifting the burden of some of the anti-spam enforcement to ISPs is not without clear drawbacks, and cannot alone succeed in stemming the tide of spam, such a policy has a far higher likelihood of success in the developing countries context than the anti-spam enforcement tactics employed to date.

Friday, November 04, 2005
Virus scanners made moot by new exploit.
Recently, researcher Andrey Bayora revealed that it is possible to fool the scanners into thinking that a file under scan is one kind, when it is in actuality something entirely different. Bayora (of www.securityelf.org), a Russian-born Israeli, has issued an advisory that details how to bypass many popular Windows AV programs.
The London Action Plan of spam enforcement authorities has a new website with news. A spam enforcement workshop is now taking place in London:
The Office of Fair Trading, through the UK presidency of the European Union, has invited members of the London Action Plan (LAP) network and the Contact Network of Spam Authorities (CNSA) to participate in a two-day ‘spam enforcement workshop’. The workshop will be held in London at the Department of Trade and Industry Conference Centre on Thursday 3rd and Friday 4th November 2005.

Friday, October 28, 2005

Wednesday, October 26, 2005
Warren New's Washington Internet Daily is reporting on the recent ITU-T Study Group 17 meeting activities that related to IDN and countering spam:
Facilitating internationalized domain names and new measures to counter spam via technical means are part of an ITU push to meet member states' demands for more security standardization.
Last Oct.'s World Telecom Standardization Assembly in Brazil added 2 work items to the agenda of the group, called ITU-T SG-17: The first is to study IDNs, which raise a major security issue because "some national characters can make a user think he is going to one place, but really going to another place," said Herbert Bertine of Lucent, chmn. of SG-17: "We are looking to make sure that when you use internationalized domain names, the possibility that users can be confused, misdirected," will be reduced.
"The belief is that IDN implementation will contribute to easier and greater use of the Internet in those countries where the native or official languages are not yet represented in ASCII characters," documents said. Andrzej Bartosiewicz, head of the DNS Div. at Poland's NASK has been named the group's reporting member on IDNs. The SG will assess ITU members' needs in light of existing standards, he said.
SG-17 has seen "an enormous increase [of work] in the area of security," said Bertine. SG-17 published 5 security recommendations in the last 4-year study period, which ended late in 2004. Bertine said the SG may produce 15-20 during the next period, but said much of the work is in its infancy.
Countering spam by technical means is a new security area for SG-17. Spam has policy, regulatory, legal and technical aspects, but the SG will address the technical side of spam fighting. "A lot of work has been done by IETF," said Bertine. "There's a lot of [standards] material out there. We don't want to duplicate work. We want to leverage and reference" what other standards bodies have done and fill gaps, said Bertine, "but we have a lot of countries -- particularly developing countries -- who are really looking for the ITU to provide this information."
How spammers do what they do is under consideration; but more important is that spam is not only unwanted e-mail but now a vehicle for viruses and other malware, said Bertine.
SG 17 is working with the ISO/IEC (the International Organization for Standardization and the International Electrotechnical Commission) on new to be designated as the 27,000 series and dealing with information security management systems, officials said. Bertine thinks the new series will result in companies finding that "it's in their best interest to be certified, whether it means better insurance rates, less liability because you can claim conformance... plus the most fundamental, if you've got vulnerabilities, you sure want to catch them because it's going to cost you a pile of money if somebody discovers a major weakness."
"The field of information technology and the field of communications continue to overlap and merge more and more every year. That's why collaboration is so important," said Bertine.
At this meeting it was also decided to adopt OASIS' Security Assertion Markup Language (SAML) and Extensible Access Control Markup Language (XACML) into ITU-T standards.
A list of documents from the last meeting of SG-17 is available here.
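The IDN concern quoted above, national characters that make a user think they are going to one place while really going to another, can be screened for on the defensive side by decoding each label and checking which scripts it mixes. The following is an added example, not part of the report or of SG-17's work; the function names are hypothetical, the lookalike table is a small constructed subset rather than the full Unicode confusables data (UTS #39), and the sample names are constructed.

```python
import unicodedata

# Constructed subset of non-Latin letters that render like Latin ones; a real
# deployment would load the full Unicode confusables data (UTS #39) instead.
LOOKALIKES = {
    "\u0430": "a",  # CYRILLIC SMALL LETTER A
    "\u0435": "e",  # CYRILLIC SMALL LETTER IE
    "\u043e": "o",  # CYRILLIC SMALL LETTER O
    "\u0440": "p",  # CYRILLIC SMALL LETTER ER
    "\u0441": "c",  # CYRILLIC SMALL LETTER ES
    "\u0443": "y",  # CYRILLIC SMALL LETTER U
    "\u0445": "x",  # CYRILLIC SMALL LETTER HA
    "\u03bf": "o",  # GREEK SMALL LETTER OMICRON
}


def decode_label(label):
    """Return the Unicode form of one DNS label, or None if its ACE form is invalid."""
    if not label.lower().startswith("xn--"):
        return label
    try:
        return label[4:].encode("ascii").decode("punycode")
    except UnicodeError:
        return None


def script_of(ch):
    """Approximate a character's script from the first word of its Unicode name.

    The standard library does not expose the Script property, so this is a
    heuristic: "CYRILLIC SMALL LETTER A" -> "CYRILLIC".
    """
    if ch in "0123456789-":
        return "COMMON"
    name = unicodedata.name(ch, "")
    return name.split(" ")[0] if name else "UNKNOWN"


def analyze(domain):
    """Return (raw_label, unicode_label, reason) for every suspicious label."""
    findings = []
    for raw in domain.rstrip(".").split("."):
        label = decode_label(raw)
        if label is None:
            findings.append((raw, None, "invalid ACE (xn--) label"))
            continue
        scripts = {script_of(c) for c in label} - {"COMMON"}
        skeleton = "".join(LOOKALIKES.get(c, c) for c in label)
        if len(scripts) > 1:
            findings.append((raw, label, "mixed-script: " + "+".join(sorted(scripts))))
        elif scripts and scripts != {"LATIN"} and skeleton.isascii():
            # Single non-Latin script, yet every letter has a Latin twin.
            findings.append((raw, label, "whole-script lookalike of '%s'" % skeleton))
    return findings


def to_ace(label):
    """Encode a Unicode label into its xn-- wire form (used to build the samples)."""
    return "xn--" + label.encode("punycode").decode("ascii")


# Constructed sample names under the reserved .example TLD.
SAMPLES = [
    "www.example",
    to_ace("b\u0430nk") + ".example",                              # Latin b, n, k with a Cyrillic a
    to_ace("\u0441\u043e\u0440\u0435") + ".example",               # all Cyrillic, reads as "cope"
    to_ace("\u043f\u0440\u0438\u043c\u0435\u0440") + ".example",   # ordinary Cyrillic word
]

if __name__ == "__main__":
    for name in SAMPLES:
        print(name, "->", analyze(name) or "no findings")
```

The whole-script rule will also flag legitimate words that happen to consist only of lookalike letters, so its findings are better treated as a review signal than as a block decision.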

Friday, October 21, 2005

Wednesday, October 19, 2005
According to BBC News: A third of the UK's top companies are not complying with the European Union's (EU) regulations on unsolicited emails, or spam, a report has alleged.
The Information Commissioner's Office - an independent body appointed by the Crown - said that while it has the power to fine transgressors up to £5,000 it often proves impossible to track them down.

Friday, October 14, 2005
Home Networking is the linking of all types of electronic devices for applications such as entertainment, telecommunication, home automation systems and telemetry (remote control and monitoring systems). And given the wide range of previously unrelated technologies involved, standards that allow for interoperability are seen as key to the successful marketing of the concept.

Now taking place at the ITU is a workshop on Opportunities and Challenges in Home Networking. The event is organized by ITU-T Study Group 9, in cooperation with several other ITU-T study groups and various organizations outside of ITU. It follows the Workshop on Home Networking and Home Services held 17-18 June 2004, Tokyo.
Study Group 9 has been working on standardization in home networking systems for more than four years. It has already approved three ITU-T Recommendations in the field, particularly dealing with IP-based multimedia services over cable networks. A current focus is a new Recommendation that will specify ways to bridge conditional access systems (that ensure payment in pay TV for example) to digital rights management (DRM) systems, an important step toward smooth operation of fully integrated home networking.
This workshop will bring together experts from all over the world who are pushing forward the frontiers of this fast-moving field. It will provide an overview of the technology as well as an examination of standards that address access, services, performance, Quality of Service, electromagnetic interference and security issues. The workshop will deal with current technology and future trends to provide a framework for moving forward standardization work. Attention will be given to both the technology and service aspects of this new technology.
The programme can be found here with links to the presentations. Highlights include:
- Worldwide Status of Home Networking
- Home Network Architecture and Technologies (including an update on UPnP and DLNA)
- Home Networking Services and Business Models
- Security and Digital Rights Management
- Quality of Service in the Home Network
- Electromagnetic Interference in the Home Environment
- The Home Networking Future: Efforts and Challenges

Thursday, October 13, 2005
Countering Spam, PDF, Cristina Bueti, ITU Strategy and Policy Unit, 11 October 2005, presented to ITU-T Study Group 17 Meeting (Geneva, Switzerland).

Tuesday, October 11, 2005
The WSIS Executive Secretariat has announced that under the Chairmanship of the President of PrepCom of the Tunis phase of WSIS, a Negotiation Group will meet in two consecutive sessions from 24 to 28 October 2005. In its first session, on 24 and 25 October 2005, its objective will be to finalize the negotiation on the Political Chapeau and on the paragraphs remaining in brackets of Chapter two of the Operational Part.
In its second session, from 26 to 28 October 2005, the Negotiation Group will aim to finalize the negotiations on Chapters one and four of the Operational Part of the final documents of the Tunis phase. It will be an intergovernmental negotiation process, to be held every day from 10.00 - 13.00 and from 15.00 - 18.00 hours in the Palais de Nations, Room XX, Gate 40. Interpretation in the six UN working languages will be provided. After each session, the President of PrepCom will inform the observers on the advancement of the work. Participants without badges should contact the Executive Secretariat with a completed badge request form by Friday 21 October 2005 at the latest.
The resumed PrepCom-3 will be held back to back with the Tunis Summit. The PrepCom Bureau decided that PrepCom-3 of the Tunis phase of WSIS will be reconvened on 13 November 2005, at 10.00 hours, in Tunis, for a three-day session (13-15 November 2005). Information about the venue will be provided at a later stage. The resumed PrepCom-3 will start with a short organizational Plenary meeting. The modalities of work of the resumed PrepCom-3 will follow the Rules of Procedure of the PrepCom, including the participation of observers in Plenary and Subcommittee meetings. Interpretation in the six UN working languages will be provided.
More information will be made available here.

Monday, October 10, 2005
An article in ZDNET UK reports that user authentication for email "may be worse than useless" at preventing the spread of spam, according to Nick Fitzgerald, security consultant at Computer Virus Consulting.
"As an anti-spam measure, SPF is broken before it's implemented, as it's not just breakable, it's trivial to break," Fitzgerald told an audience at the Virus Bulletin conference in Dublin on Friday.
"Knowing a message arrived SPF compliantly tells us nothing about the actual sender and the 'spaminess' of the message," Fitzgerald added, claiming that SPF has been "widely hyped" as solving the problem of user authentication.
Fitzgerald's views were challenged by other conference attendees, who insisted that SPF would play a valuable role in fighting unsolicited junk email.
Also see "John Levine argues that SPF is losing market mindshare" and a related article on ZDNET with more details.

Friday, October 07, 2005
Promoting Global Cybersecurity, PDF, Robert Shaw, ITU Strategy and Policy Unit, 6 October 2005, presented to ITU-T Study Group 17 Meeting (Geneva, Switzerland)
The October 2005 English edition of ITU News is now available. Headlines include:
- ITU at a Glance
- ITU's Connect the World Initiatives
- Eye on development
- SPAM
- Pioneers Page
- In Brief
- Industry Watch

Thursday, October 06, 2005
Links to documents from WSIS Prepcom-3 (19-30 September 2005) Sub-Committee A, which dealt with the topic of Internet Governance, can be found on the WSIS website. The key documents from Prepcom-3 include:
According to the Report of the Work of Sub-Committee A, in order to complete the work in time for the Summit, document DT/10 Rev. 4 is offered as basis for further negotiations. The following documents elaborated during PrepCom-3 are offered as a further input to future negotiations:

Monday, September 26, 2005
To further encourage the development of a ubiquitous network society, the ITU Strategy and Policy Unit, the Italian Ministry of Communications, the Ugo Bordoni Foundation and the Aosta Valley are hosting a Workshop on "Tomorrow's Network Today" that will be held in Saint-Vincent (Aosta), Italy on 7-8 October 2005.
This Workshop will discuss specific measures to help overcome potential challenges and determine possible future actions.
One session will be dedicated to Next Generation Networks (NGN) as a framework to harmonize the worldwide technical and functional basis needed to extend the use of integrated ICTs to as many users as possible.
During the workshop there will be an Exhibition which will bring together a wide range of leading industry participants as well as high-level representatives from government and regulators.
Click here for more information about the event.

Sunday, September 25, 2005
John Levine in his blog describes how, on September 22 2005, Robert Braver, an Oklahoma ISP owner who is a long time activist against both spam and junk faxes, received a default judgement of over $10 million against high profile spammer Robert Soloway and his company Newport Internet Marketing. Soloway has frequently been cited as one of the ten largest spammers in the world.
Details of the case including a copy of the decision and other documents are available on a website that Braver set up.

Friday, September 23, 2005
Highlights from the discussions at WSIS Prepcom-3 19-21 September 2005 can be found here.

Wednesday, September 21, 2005
The video archives (Real Video) of yesterday's (20 September 2005) opening discussions in WSIS Prepcom-3 Sub-Committee A, which is handling Internet governance, have been made available. They are available in English and in the original language from the Floor.
Access to all the real-time Prepcom-3 streams and archives can be found here.
Update: The archives of the 21 September 2005 discussions on Internet Governance in Sub-Committee A can be found here in English and in the original language from the Floor.

Monday, September 19, 2005
Symantec has released its bi-annual Internet Security Threat Report in September 2005:
The Symantec Internet Security Threat Report is an analysis and discussion of Internet security activity over the past six months. It covers Internet attacks, vulnerabilities, malicious code, and future trends. This edition of the Threat Report, covering the first six months of 2005, marks a shift in the threat landscape. Attackers are moving away from large, multipurpose attacks on network perimeters and towards smaller, more focused attacks on client-side targets. The new threat landscape will likely be dominated by emerging threats such as bot networks, customizable modular malicious code, and targeted attacks on Web applications and Web browsers. Unlike traditional attack activity, many current threats are motivated by profit. They often attempt to perpetrate criminal acts, such as identity theft, extortion, and fraud.
Top Problems of the Internet and How to Help Solve Them (PDF) by Kim Claffy: Top engineering and operational problems, why they persistently resist solution, how different communities are auspiciously reacting to the above, and implications for research, policy, and builders. Presented as invited keynote at AUSCERT 2005. An older version of this slideset was presented as a keynote address at the CENIC 2005 conference held March 7-9, 2005.

Tuesday, September 13, 2005
Roger Darlington has a note about a new UK cybersecurity initiative to be launched soon called Get Safe Online.
"I spent yesterday at a conference with the title eConfidence - Spam, Scams And Security and posted a short report. I mentioned that a major awareness campaign is due to be launched at the end of next month. It has been nine months in conception and creation and was planned under the name "Project Endurance", but it is being launched under the banner Get Safe Online. At yesterday's event, Tony Neate of the National Hi-Tech Crime Unit described the content as "outstanding", but so far the only public presence is one page on the web. As you can see from this page, eight companies have joined the Home Office and the National Hi-Tech Crime Unit to sponsor the campaign, but more sponsors are sought. I understand that the Netherlands and Norway have run similar campaigns against spam, scams and viruses. Anyone out there got any relevant information? I welcome this initiative. My concern is that there are now a variety of web sites and organisations providing advice on different forms of Internet content and activity - with some major gaps, such as harmful and offensive content - and what the consumer needs is a 'one stop shop' linking all these resources in a high-profile, user-friendly manner."
The recent Asia Pacific Telecommunity (APT) Symposium on Network Security and SPAM presented background information, detailed the current situation, new developments and steps ahead on network security and fighting spam in the Asia-Pacific region.
TSB presented highlights of ITU-T work on security, also detailing the level of participation of the AP region in Study Group 17, the ITU-T group that looks at security issues. Mr Jianyong Chen (ITU-T SG 17 Vice Chair from China) also attended the event and made a detailed presentation on current SG 17 work. He also chaired two sessions.
In addition, TSB presented the results of the ITU WSIS Thematic Meeting on Cybersecurity held in Geneva, 28 June – 1 July 2005. The meeting was organized in three full-day sessions and was attended by some 70 representatives from the Asia-Pacific area. The first day was dedicated to cybersecurity, the second to countering spam, and the third to cooperation initiatives.
The complete set of presentations given at the APT meeting can be downloaded here. The meeting invited AP countries to step up their capability building initiatives and encouraged APT to increase its collaboration on network security and spam with international organizations working in the area.
For more information, see the ITU-T Newslog.
The ITU Secretary-General, Yoshio Utsumi has presented a report to the ITU Council 2005 on ITU activities on Countering Spam.
"During the Geneva phase of the World Summit on the Information Society (WSIS), spam was identified as a potential threat to the full utilization of the Internet and e-mail. Accordingly, WSIS participants recognized that spam is a "significant and growing problem for users, networks and the Internet as a whole" (WSIS Declaration, paragraph 37) and that, in order to build confidence and security in the use of ICTs, there is a need to "take appropriate action at both national and international levels" (WSIS Plan of Action, paragraph C5, d).
The acknowledgement that spam is a problem at the global level, contributed to the fostering of various activities in the field. Countries became aware of the need to take action on this issue, and recognized the fundamental importance of international cooperation and coordination."
For the full report click here.

Monday, September 12, 2005
The Infocomm Development Authority of Singapore (IDA), in collaboration with the Attorney-General's Chambers of Singapore (AGC), has issued a second public consultation paper on the proposed Spam Control Bill in Singapore. The proposed Spam Control Bill includes, in addition to email spam, legal measures to manage mobile spam in Singapore. The Bill also proposes that anyone who suffers damages or loss arising from spam be given the right to initiate legal action against non-compliant spammers. The draft Bill also proposes that if found guilty, non-compliant spammers can be directed by the court to stop their spamming activities or pay damages to the affected parties.
Details on the proposed Spam Control Bill can be found on the IDA website.
This information was accessed through James Seng's blog.

Friday, August 05, 2005
The Chairman's report (PDF) from the ITU WSIS Thematic Meeting on Cybersecurity held June 28 - July 1 2005 has been released.
The event was organized in the framework of the implementation of the Declaration of Principles and Plan of Action adopted on 12 December 2003, at the first phase of the World Summit on the Information Society (WSIS) and in preparation for the Tunis phase of WSIS, to be held from 16 to 18 November, 2005. The event website provides links to the final agenda, all background papers, presentations, electronic contributions, the Chairman’s Report and audio archives.
The four-day meeting was structured to consider and debate six broad themes in promoting international dialogue and cooperative measures among governments, the private sector and other stakeholders as well as promotion of a global culture of cybersecurity. These include information sharing of national and regional approaches, good practices and guidelines; developing watch, warning and incident response capabilities; technical standards and industry solutions; harmonizing national legal approaches and international legal coordination; privacy, data and consumer protection; and developing countries and cybersecurity.
The first day of the meeting focused on countering spam as follow-up to the ITU WSIS Thematic Meeting on Countering Spam, held in July 2004.

Thursday, August 04, 2005
The Korean Ministry of Information and Communication announced yesterday it will adopt new measures in December to reduce the circulation of spam e-mail. The ministry's plan is designed to prevent the delivery of spam messages with fake sender information. Under the ministry's Sender Policy Framework, participating portal sites will share e-mail server information.
For the full article click here.

Wednesday, August 03, 2005
Net criminals 'customise' attacks: Criminal gangs have become more astute in phishing attacks. Net criminals and hackers are increasingly targeting their attacks at specific organisations, research shows. Worst hit, according to a worldwide survey by IBM, are government departments, financial services, manufacturing and healthcare. Of the 237 million security attacks in the first half of 2005, 137 million were aimed at these four areas. Spam is becoming less attractive as criminals focus on fraud, identity theft and extortion. This has meant a decrease in the ratio of spam to legitimate e-mail from 83% in January to 67% in June.
From BBC News, IBM press release - Global Business Security Index via Ewan Sutherland's weblog.
Alex Shipp, Senior Anti-Virus Technologist at MessageLabs comments:
"The banking system in South American countries has a higher take-up of internet banking than the banking experience we're used to in the US or Europe. This makes online banks a prime target for the high-tech gangs operating in the region who can get rich quick by selectively targeting local economic interests."
For the full article click here.
In a survey to test whether top e-tailers are allowing consumers to opt out of receiving promotional or marketing messages, the FTC has determined that 89 percent of the online merchants it tested are honoring requests to halt future mailings.
The study showed a high rate of compliance with the CAN-SPAM opt-out provisions. All of the e-tailers who sent e-mail to the FTC accounts provided clear notice of recipients’ right to opt out of receiving future mail and provided recipients with an opt-out mechanism. Eighty nine percent of the e-tailers honored all three of the opt-out requests made by FTC staff and 93 percent complied with opt-out requests for at least some accounts.
For the full report (PDF), click here.
Phishing emails go formal - New method hides the true web address: Researchers have discovered a new method used by criminals to hide the location of phishing websites in email messages. The technique uses a form that sends the users to phishing websites after they have pushed a button. Traditionally phishers employ a link in the body of the email message, security watchdog, the SANS Internet Storm Centre has warned. Forms are commonly used by websites to allow users to send information back to the sites, for instance to enter user names and passwords for log ins. A phishing email tries to lure the recipient to a website that the message claims is from a trusted organisation like a bank or credit card company. The aim of the message is to steal confidential information such as login names and passwords.
From VNUnet, SANS Internet Storm Center - diary via Ewan Sutherland's weblog.

Friday, July 29, 2005
New Zealand's Information Technology Minister David Cunliffe has tabled the Unsolicited Electronic Messages Bill, which will prevent the mass-marketing of emails and text messages to unsubscribed receivers. The Marketing Association's Chief Executive Keith Norris says while they support the bill, it won't change company practice, as they have had a permission-based code for five years.
Norris also says only 10% of spam originates in New Zealand and the bill is aimed at reinforcing international law.
Click here for the full article
"Just weeks after a Nigerian court convicted a woman in a massive e-mail scam case, the African nation will discuss spam and cybercrime solutions at a national seminar on economic crime. The four-day event, which begins Aug. 6, will take place at the Abuja headquarters of the Economic and Financial Crimes Commission, a government-sanctioned agency created in 2003 to "crack down on fraudsters," according to its Web site. Jonathan Rusch, the U.S. Department of Justice's special counsel for fraud prevention, is scheduled to speak on the last day of the conference about transnational "challenges in investigating and prosecuting telemarketing fraud, spamming and identity theft." A panel on cybercrime and national security is slated to follow his remarks."
Article accessed through fergie's blog.
The final version of a paper commissioned by the ITU entitled A Comparative Analysis of Spam Laws: The Quest for a Model Law (PDF) has been released. The paper was authored by Derek E. Bambauer, John G. Palfrey, Jr., and David E. Abrams, Berkman Center for Internet & Society, Harvard Law School, for the ITU WSIS Thematic Meeting on Cybersecurity held in Geneva, 28 June - 1 July 2005.
Executive Summary
Spam presents a significant challenge to users, Internet service providers, states, and legal systems worldwide. The costs of spam are significant and growing, and the increasing volume of spam threatens to destroy the utility of electronic mail communications.
The Chairman’s Report from the ITU WSIS Thematic Meeting on Countering Spam in July 2004 emphasized the importance of a multi-faceted approach to solving the problem of spam and named legal governance as one of the necessary means. Our paper focuses on the potential nature of the legal regulation of spam, specifically the importance of harmonizing regulations in the form of a model spam law. We agree with the Chairman that the law is only one means towards this end and we urge regulators to incorporate other modes of control into their efforts, including technical methods, market-based means, and norm-based modalities.
Spam uniquely challenges regulation because it easily transverses borders. The sender of a message, the server that transmits it, and the recipient who reads it may be located in three different states, all of which are under unique legal governance. If spam laws are not aligned in these states, enforcement will suffer because the very differences between spam laws may mean that a violation in one state is a permissible action in another. Moreover, spammers have an incentive to locate operations in places with less regulation, and the opportunity to states to create a domestic spam hosting market may engage them in a race to the bottom.
Harmonizing laws that regulate spam offers considerable benefits, insofar as a model law could assist in establishing a framework for cross-border enforcement collaboration. To those enforcing the regulation of spam, harmonization as a model law effort offers: clear guidelines, easy adoption, enhanced enforcement, stronger norms, fewer havens for spammers, and the increased sharing of best practices. If such regulators then agree that harmonization can aid legal regimes intent on curbing spam, they must initially address four critical tasks: defining prohibited content, setting default rules for contacting recipients, harmonizing existing laws, and enforcing such rules effectively. This legal approach must be concurrently matched by efforts that employ other modes of regulation, such as technical measures, user education, and market-based approaches.
Our analysis of existing spam legislation gathered by the ITU Strategy and Policy Unit evaluated these laws’ elements to determine whether they were commonly included or not, and whether provisions were uniformly implemented or varying when present. Our research documents seven instances in which extant laws strongly converge: a focus on commercial content, the mandatory disclosure of sender/advertiser/routing, bans on fraudulent or misleading content, bans on automated collection or generation of recipient addresses, the permission to contact recipients where there is an existing relationship, the requirement to allow recipients to refuse future messages, and a mix of graduated civil and criminal liability. Also documented are five key areas of disagreement which are vital to a harmonized spam law but which have evaded consensus thus far: a prior consent requirement for contacting recipients, a designated enforcer, label requirements for spam messages, the definition of spam (whether it is limited to e-mail communication, or includes other applications, such as SMS), and the jurisdictional reach of the system’s spam laws. Naturally, a harmonization effort must tackle and narrow these zones of divergence in order to succeed.
Spam laws, whether harmonized or not, are at best only part of the solution to the spam problem and must be developed in concert with technical, market, and norms-based tools if the scourge of spam is to be substantially reduced. Efforts to harmonize the legal regulation of spam can serve as one effective means to solving the unique challenges spam presents. A model spam law is possible to develop, despite the many differences among the world’s spam laws.
The WSIS web site announced today that the second Informal Consultation Meeting on Internet Governance (open to all stakeholders) will take place at the United Nations (Palais des Nations), Geneva, on 6 September 2005. Further details will be available in due time here.

Wednesday, July 27, 2005
Israel’s Knesset (or parliament) has passed a law to fight against spam, imposing fines and strict regulations on people who send unsolicited email, junk faxes, and spam text messages.
“State intervention was necessary in order to prevent the continued impingement on the public’s privacy,” said Israeli Communications Minister Dalia Itzik, who initiated the legislation. Unlike the United States’ CAN-SPAM Law, the Israeli law bars the sending of spam unless the recipient gives his or her prior consent.
For the full article click here.

Tuesday, July 26, 2005
The ITU Council has approved that the theme for World Telecommunication Day 2006 (May 17) be Promoting Global Cybersecurity.
Here is the background of this decision as contained in the proposal to ITU Council:
The United Nations General Assembly adopted, in 2002, a resolution entitled UNGA Resolution 57/239: Creation of a global culture of cybersecurity, calling for international organizations to consider measures to foster a global culture of cybersecurity and invited Member States to develop throughout their societies a culture of cybersecurity in the application and use of information technologies. The General Assembly also stressed the necessity to facilitate the transfer of information technology and capacity-building to developing countries, in order to help them to take measures in cybersecurity.
The ITU Plenipotentiary in 2002 adopted Resolution 130: Strengthening the role of ITU in information and communication network security, instructing the Secretary General and the Directors of the Bureaux to intensify work within existing ITU study groups and inviting ITU Member States and Sector Members to participate actively in the ongoing work of the relevant ITU study groups.
In 2004, a second resolution, UNGA Resolution 58/199: Creation of a global culture of cybersecurity and the protection of critical information infrastructure, was adopted by the United Nations on the global culture of cybersecurity and the protection of critical information infrastructure. The General Assembly, through this Resolution, encouraged Member States, regional and international organizations that have developed strategies to deal with cybersecurity and the protection of critical information infrastructures to share their best practices and measures that could assist other Member States in their efforts to facilitate the achievement of cybersecurity; it also stressed the necessity for enhanced efforts to close the digital divide, to achieve universal access to information and communication technologies and to protect critical information infrastructures by facilitating the transfer of information technology and capacity-building, in particular to developing countries so that all States may benefit fully from information and communication technologies for their socio-economic development.
In 2004, the World Telecommunication Standardization Assembly (WTSA) adopted Resolution 50 on Cybersecurity, requesting the ITU-T to continue to raise awareness of the need to defend information and communication systems against the threat of cyberattack, and to continue to promote cooperation among appropriate entities in order to enhance exchange of technical information in the field of information and communication network security.
In accordance with PP Resolution 130 and WTSA Resolution 50, it was proposed that ITU should take a lead role in promoting a global cybersecurity campaign. The vehicle of World Telecommunication Day can be used to build an awareness campaign in support of this objective. In implementing this campaign, ITU would work in close cooperation with organizations involved in global cybersecurity issues, including the European Network and Information Security Agency, the Organization for Economic Cooperation and Development as well as other national, regional and international interested entities.

Monday, July 25, 2005
The Anti-Spyware Coalition proposed a standardized definition of "spyware" on July 12, 2005. The definition, which is open for public comment until August 12, is intended to serve as the foundation for a more unified approach to tackling the spyware problem. In addition to defining spyware, the coalition's first public document also offers uniform definitions of other commonly used terms like "adware" and "cookie," and offers tips for users to avoid downloading unwanted programs.
For more information, see the full article.
For comments on the Anti-Spyware Coalition definitions, click here.

Friday, July 22, 2005
Yahoo and Cisco have teamed up in an effort to reduce the amount of junk email reaching users' inboxes.
The firms have announced a specification called DomainKeys Identified Mail (DKIM) that they hope will become a web standard. DKIM combines Yahoo's DomainKeys and Cisco's Identified Internet Mail authentication technologies.
For the full article click here.

Thursday, July 21, 2005
Australia's broadcasting and telecommunications watchdog has won its first injunction against an alleged spammer under anti-spam laws introduced early last year.
The full article can be accessed here.

Wednesday, July 20, 2005
An article in The Register talks about Scott Richter, who has been dropped from an authoritative list of known spammers after cleaning up his act. "Richter and his OptInRealBig option were a fixture in Spamhaus's Register of Known Spam Operations (ROKSO) for years. Only hard-core spammers who become the subject of repeated complaints feature on the list."
"Presence in the rogues gallery makes it difficult to obtain internet service from ethical suppliers and problematic to register domain names. Only those who refrain from sending bulk unsolicited email for six months are eligible for removal from ROKSO. Richter switched to a confirmed opt-in mailing list business model that contrasts with his previous business activities. Richter was sued by New York State Attorney General Eliot Spitzer and brought to the brink of bankruptcy by Microsoft over allegations that he used a network of 500 compromised computers to send millions of junk emails to hapless Hotmail users. Richter denied any such wrongdoing in settling the NY lawsuit last July but he was forced to agree to stop sending deceptive emails and generally abide by the US's CAN SPAM Act."
For the full story click here.
Article in The Register was accessed through fergie's blog.

Tuesday, July 19, 2005
Last week Cisco joined Yahoo, Sendmail and PGP Corp. in submitting the DomainKeys Identified Mail (DKIM) specification to the Internet Engineering Task Force (IETF). DKIM results from Cisco and Yahoo merging separate e-mail verification technologies with similar attributes, which both companies had worked on for more than a year.
"Since all this [spam] traffic is running on Cisco networks in large part, many customers often ask, 'Why can't Cisco do something about it?' " says Sanjay Pol, vice president and director of Cisco's Anti-Spam Initiative. "The less trust people have of the Internet, the worse it is for Cisco and our customers."
Click here to view the full article.

Monday, July 18, 2005
From Paul Hoffman's blog:
The IETF has finally emitted the email anti-spoofing documents for the SPF and Sender-ID protocols. The most important thing is that the two protocols are issued as experimental RFCs, not standards. There is a huge difference, and the IESG tried to make that as clear as possible:
"The following documents (draft-schlitt-spf-classic, draft-katz-submitter, draft-lyon-senderid-core, draft-lyon-senderid-pra) are published simultaneously as Experimental RFCs, although there is no general technical consensus and efforts to reconcile the two approaches have failed. As such these documents have not received full IETF review and are published "AS-IS" to document the different approaches as they were considered in the MARID working group.
The IESG takes no position about which approach is to be preferred and cautions the reader that there are serious open issues for each approach and concerns about using them in tandem. The IESG believes that documenting the different approaches does less harm than not documenting them.
The community is invited to observe the success or failure of the two approaches during the two years following publication, in order that a community consensus can be reached in the future."
And, to be clear, neither protocol is directly anti-spam: they simply help the receiver believe that the mail is sent by the organization that claims it sent the message.

Wednesday, July 13, 2005
The Nigerian Anti-Scam Network is a movement that is composed of Nigerians who are concerned about the bad image that cybercrime and spam have brought to Nigeria. The Nigerian Anti-Scam Network is an online youth network consisting of young Nigerian professionals who are concerned about the situation and are willing to take actions for change. They aim to expose the supporters and perpetrators of online crimes on their online message boards so that people have a place where they can do spot-checks and thus hopefully avoid being spammed. The Network expresses its concern that foreign parties have anti-scam sites that are little more than anti-Nigeria sites. They believe that the activities of the Nigerian Anti-Scam Network can give a more balanced opinion.
The Network realizes that "throughout the world, cyber crime is a very serious topic and a very contentious one at that. A lot of countries are losing a lot of money due to the activities of cyber 419s. Nigeria have been touted as the major breeding ground for most of these online scams. Nigeria's ranking in the corruption index have been very discouraging for the past three years and we know that this is not only as a result of Government officials' corruptness, but also as a result of activities of online scammers. To be better prepared to fight these menace and bring back our lost reputation, some young Nigerian professionals started the Nigerian Anti-Scam network and have been doing extensive research on the activities of these scammers and ways of salvaging the country's image."
For more information visit the Nigerian Anti-Scam Network website and online forum.

Wednesday, July 06, 2005
Following months of discussions, China has agreed to sign up to the London Action Plan, which will mean greater cooperation between countries in analyzing spam campaigns, investigating their origin and encouraging ISPs around the world to take appropriate measures to defend innocent users.
Click here to view the full article.

Thursday, June 30, 2005
According to a CNET article, computer security and software companies are urging the U.S. Senate to approve the world's first treaty targeting cybercrime.
A letter from the groups, including the Business Software Alliance, VeriSign, InfraGard and the Cyber Security Industry Alliance, called on senators to ratify the controversial document, which was the subject of a brief flurry of attention last year before it expired without a floor vote.
"The cybercrime convention will serve as an important tool in the global fight against those who seek to disrupt computer networks, misuse private or sensitive information, or commit traditional crimes utilizing Internet-enabled technologies," said the letter, which was sent Tuesday. "It requires countries to adopt similar criminal laws against hacking, infringements of copyrights, computer-facilitated fraud, child pornography and other illicit cyberactivities."
Today's WSIS Thematic Meeting on Cybersecurity Sessions 13 and 14 includes discussion of the Convention on Cybercrime.

Wednesday, June 29, 2005
From the Seattle Times: Calls increasing for safer, more-secure Internet
Built by academics when everyone online was assumed to be a "good citizen," the Internet today is buckling under the weight of what is estimated to be nearly a billion diverse users surfing, racing and tripping all over the network.
Hackers, viruses, worms, spam, spyware and phishing sites have proliferated to the point where it's nearly impossible for most computer users to go online without falling victim to them.
Yesterday, at the ITU WSIS Thematic Meeting on Cybersecurity, during the day focused on spam, a session was dedicated to discussing national policies and legislative approaches to spam. As part of this session, a Background Paper commissioned by ITU, entitled A Comparative Analysis of Spam Laws: the Quest for Model Law, was presented (presentation) by Derek BAMBAUER, Research Fellow, Berkman Center for Internet & Society. The authors of the paper are Derek BAMBAUER, John PALFREY, Executive Director, and David ABRAMS, Berkman Center for Internet & Society, Harvard Law School, United States. From the introduction to the report:
The goal of this paper is to help policymakers understand the potential benefits and challenges of model spam legislation as a tool to improve the security of and user confidence in information and communications technology (ICT), as well as the potential that model spam legislation holds for Internet users worldwide. First, it sets forth a framework for understanding spam and identifies key issues confronting regulators. Next, the paper examines the set of options for spam laws based on existing and proposed legislation gathered by the International Telecommunication Union (ITU) Strategy and Policy Unit (SPU). It analyzes the level of consensus among these extant laws and the degree to which a particular component is included in most legislation and in the degree to which provisions addressing this component are similar or harmonized. The paper points towards zones where there is considerable consensus while simultaneously illuminating the most fundamental differences, so that policymakers can tackle the hard issues and choices involved in spam laws. Finally, the paper makes preliminary recommendations for spam law efforts and considers both the potential for and the likely efficacy of a model spam law.
During the same sessions, there were presentations from:
- Panellist: Jonathan KRADEN (biography), Staff Attorney, Federal Trade Commission (FTC), United States
o Presentation
- Panellist: Miguel MONTERO (biography), Spam Ruling Administrator, Radiografica Costarricense (RACSA), Costa Rica
o Presentation
- Panellist: Liang LIU (biography), Assistant Director, Anti-Spam Coordination Team, Internet Society of China, People’s Republic of China
o Presentation
- Presentation: Maria Cristina BUETI (biography), Policy Analyst, Strategy and Policy Unit, ITU
“ITU Survey of Anti-Spam Laws and Authorities Worldwide”
o Presentation

Tuesday, June 28, 2005
Luc Mathan from the relatively new Messaging Anti-Abuse Working Group (MAAWG) is giving a presentation on MAAWG's efforts to align the messaging industry stakeholders along three directives: Collaboration, Technology and Policy. The working group will address collaborating on cross-operator communications, best practices and technology to combat messaging abuse, as well as developing a cohesive point of view on public policy. More information about MAAWG.
MAAWG members are developing feedback loop mechanisms to deal with spam complaints between ISPs. They are also creating a contact database for service providers to be able to contact the appropriate person to deal with a messaging abuse situation.
Steve Linford of the Spamhaus Project is speaking at the ITU WSIS Thematic Meeting on Cybersecurity on the first day which is concentrating on countering spam. Some of his remarks:
- Spamhaus blocks approximately 8 billion spam messages per day
- They estimate there are 4 million infected zombie machines which have been compromised with 60-100,000 newly infected per week
- These are used to launch Distributed Denial of Service (DDOS) Attacks
- This is increasingly a criminal activity with "spam supermarkets"
- Mostly American and Russian spammers using Chinese hosting. These are technically smart users who firewall their sites from their hosting companies.
- Spammers in Russia are more criminal than US counterparts. They are involved in
- The largest Russian ISP, Rostelecom says they cannot terminate accounts as Russian law does not permit it.
- Australian spam laws are best in the world, penalties are high enough to make a dent in spam
- Consumer confidence in the Internet is dropping every day
- Spam is a cancer and it is fast killing the Internet
Some of Steve's conclusions include:
- You must ban and not regulate spam
- Governments must give resources to law enforcement agencies
- Make it criminal for ISPs to host spammers
- Require a 24 hour point of contact for all ISPs to terminate problems
- Educate users to not reply to spam
The meeting is also being audiocast live over the Internet. Mr. Linford's talk is the beginning of Session 2.
At the start of the 21st century, our societies are increasingly dependent on information and communications technologies (ICTs) that span the globe. The ITU WSIS Thematic Meeting on Cybersecurity opens today and takes place from 28 June – 1 July 2005 at ITU headquarters in Geneva, Switzerland. This conference will examine the recommendations in the World Summit on the Information Society (WSIS) first phase's Declaration of Principles and Plan of Action that relate to building confidence and security in the use of ICTs and the promotion of a global culture of cybersecurity. Now available on the meeting web site is the agenda (with links to presentations as they are given) and meeting background papers and contributions. The meeting is also being audiocast live over the Internet.
The meeting will specifically consider six broad themes in promoting international cooperative measures among governments, the private sector and other stakeholders, including:
- information sharing of national approaches, good practices and guidelines;
- developing watch, warning and incident response capabilities;
- harmonizing national legal approaches and international legal coordination;
- technical standards;
- privacy, data and consumer protection;
- developing economies and cybersecurity.
The first day of the meeting will focus on countering spam as follow-up to the ITU WSIS Thematic Meeting on Countering Spam held in July 2004.

Monday, June 27, 2005
In Netwizards Blog: according to the records in the IETF's database (here and here), both SPF and Sender-ID anti-spam proposals were tentatively approved by the IESG (the "approval board" of the IETF) as experimental standards RFCs.

Sunday, June 12, 2005
Hong Kong Special Administrative Region plans to enact an anti-spam law next year to crack down on companies that send unsolicited e-mails or make automated telemarketing calls to consumers.
"Au Man-ho, director-general of the Telecommunications Authority, said in a statement Saturday that direct marketing companies using automated calling on an unsolicited basis can be considered a spam problem."
Click here to view the full article.

Monday, June 06, 2005
Communications Minister Helen Coonan has called on Australia's neighbours to join forces to combat threats from spam email and online fraudsters.
"Closer cooperation between such bodies as APEC, the OECD and the ITU (International Telecommunications Union) will also help to develop a strategy to address the threats that spam poses to the integrity and security of the APEC region's communications infrastructure," Senator Coonan said.
Click here to view the full article.

Friday, June 03, 2005
Matthew Fordahl writes in an AP newswire article on Yahoo! News:
Network equipment maker Cisco Systems Inc. and Internet portal Yahoo Inc. are combining their efforts to combat e-mail spam and forgery in a step that's expected to help expand adoption of the technology.
The move, announced Wednesday, combines two techniques that rely on cryptography to help determine whether the sender of an e-mail message is legitimate. Sending messages using a false address is a common tactic of spammers.
[via Fergie's Tech Blog]

Tuesday, May 31, 2005
OECD has released a report on Anti-spam Law Enforcement
"Successful enforcement of anti-spam law serves as an economic disincentive to spammers by imposing fines and penalties which undermine their profits, provides a state-sponsored mechanism for protection and redress to victims of spam-related consumer fraud, and vindicates the privacy rights of spam recipients. Ultimately, an increased enforcement presence may help restore trust in e-mail systems that has been eroded by spam."
For the full report (PDF), click here.

Friday, May 27, 2005

Wednesday, May 25, 2005
"Anti-spam enforcement authorities in 13 European countries recently agreed to share information and pursue complaints across borders in a joint drive to combat electronic junk mail. The nations will cooperate in investigating complaints about crossborder spam from anywhere within the European Union to make it easier to identify and prosecute spammers anywhere in Europe. The voluntary agreement establishes a common procedure for handling cross-border spam complaints". The participating European countries, including Austria, Belgium, the Czech Republic, Ireland, Italy, Lithuania, the Netherlands, and Spain, will through these initiatives try their best to address complaints from each other.
Spain's data protection authority, Agencia Española de Proteccion de Datos, and the U.S. Federal Trade Commission also recently signed a bilateral memorandum of understanding to promote enhanced cooperation and information sharing on spam enforcement activities. In July 2004, the FTC signed a similar agreement with the United Kingdom and Australia.
"Germany is taking spam control into its own hands. People who send junk e-mail in Germany will face fines of as much as 50,000 euros according to a draft law agreed upon by Germany's ruling coalition of Social Democrats and Greens. The law will also prevent spammers from disguising their name and the nature of the e-mail. German lawmakers hope that the steep fine will make people think twice about sending spam. It has been illegal to send spam in Germany since July 2004, but the ruling coalition hopes the new legislation will help stop the practice."
Click here to view the full article.
From the FTC's Operation Spam Zombies page:
Spammers use home computers to send bulk emails by the millions. They take advantage of security weaknesses to install hidden software that turns consumer computers into mail or proxy servers. They route bulk email through these "spam zombies," obscuring its true origin.
As part of a worldwide effort to prevent these abuses, the FTC announces "Operation Spam Zombies." In partnership with 20 members of the London Action Plan and 16 additional government agencies from around the world, the Commission is sending letters to more than 3000 Internet service providers (ISPs) internationally, encouraging them to take the following zombie-prevention measures:
- block port 25 except for the outbound SMTP requirements of authenticated users of mail servers designed for client traffic. Explore implementing Authenticated SMTP on port 587 for clients who must operate outgoing mail servers.
- apply rate-limiting controls for email relays.
- identify computers that are sending atypical amounts of email, and take steps to determine if the computer is acting as a spam zombie. When necessary, quarantine the affected computer until the source of the problem is removed.
- give your customers plain-language advice on how to prevent their computers from being infected by worms, trojans, or other malware that turn PCs into spam zombies, and provide the appropriate tools and assistance.
- provide, or point your customers to, easy-to-use tools to remove zombie code if their computers have been infected, and provide the appropriate assistance.
In a later phase, the Operation plans to notify Internet providers worldwide that apparent spam zombies were identified on their systems, and urge them to implement measures to prevent that problem.
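A sketch of how an ISP abuse desk could apply the port 25 and atypical-volume measures listed above. This is an added example, not code from the FTC or from this blog; the log format, the function names and the threshold factor `k` are assumptions, and the sample sessions are constructed.

```python
import statistics
from collections import defaultdict

SMTP_PORT = 25          # direct-to-MX delivery
SUBMISSION_PORT = 587   # Authenticated SMTP, as in the FTC recommendation

def build_sample():
    """Constructed edge-log lines (hypothetical format):
    '<hour> <customer_ip> <destination> <dst_port> <auth 0|1> <recipient_count>'"""
    lines = []
    # Ordinary customers: a few authenticated submissions via the ISP relay.
    for i in range(1, 9):
        for n in range(i % 3 + 1):
            lines.append(f"14 192.0.2.{i} mail.isp.example {SUBMISSION_PORT} 1 {1 + n}")
    # A customer running a small unauthenticated mail server on port 25.
    lines.append(f"14 192.0.2.50 mx.partner.example {SMTP_PORT} 0 2")
    # A host contacting many remote MXs directly, with large recipient lists.
    for n in range(40):
        lines.append(f"14 192.0.2.77 mx.remote{n}.example {SMTP_PORT} 0 25")
    return lines

def parse(line):
    hour, ip, dest, port, auth, rcpts = line.split()
    return {"hour": int(hour), "ip": ip, "dest": dest,
            "port": int(port), "auth": auth == "1", "rcpts": int(rcpts)}

def summarise(lines):
    """Per customer IP: recipients addressed, distinct destinations, and
    sessions that a 'port 25 only for authenticated users' rule would drop."""
    hosts = defaultdict(lambda: {"rcpts": 0, "dests": set(), "direct25": 0})
    for rec in map(parse, lines):
        h = hosts[rec["ip"]]
        h["rcpts"] += rec["rcpts"]
        h["dests"].add(rec["dest"])
        if rec["port"] == SMTP_PORT and not rec["auth"]:
            h["direct25"] += 1
    return hosts

def volume_threshold(totals, k=10):
    """Median + k * MAD across the customer population. A robust statistic is
    used so that one very loud host cannot raise the limit that should catch it."""
    med = statistics.median(totals)
    mad = statistics.median(abs(t - med) for t in totals)
    return med + k * max(mad, 1)   # floor avoids a zero-width band

def review(lines, k=10):
    hosts = summarise(lines)
    limit = volume_threshold([h["rcpts"] for h in hosts.values()], k)
    findings = {}
    for ip, h in hosts.items():
        atypical = h["rcpts"] > limit
        if atypical or h["direct25"]:
            findings[ip] = {
                "atypical_volume": atypical,
                "port25_sessions_blocked_by_policy": h["direct25"],
                "distinct_destinations": len(h["dests"]),
                # Atypical volume warrants a closer look before quarantine;
                # a low-volume port 25 user only needs moving to port 587.
                "action": "quarantine-review" if atypical else "move-to-587",
            }
    return findings

if __name__ == "__main__":
    for ip, finding in sorted(review(build_sample()).items()):
        print(ip, finding)
```

The volume check only nominates hosts for review; as the FTC text says, the ISP still has to determine whether the computer is actually acting as a spam zombie before quarantining it.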
Business Guidance
Letter text translations (provided by participating agencies):

Monday, May 23, 2005
Gregg Keizer writes on TechWeb: Spammers and phishers are using new kinds of attacks to build wide-ranging profiles of online users -- everything from their political views to their sexual preference -- a security firm said Monday.
[via Fergie's Tech Blog]
Declan McCullagh writes on C|Net News:
Remote-controlled "zombie" networks operated by bottom-feeding spammers have become a serious problem that requires more industry action, the Federal Trade Commission is expected to announce on Tuesday.
The FTC and more than 30 of its counterparts abroad are planning to contact Internet service providers and urge them to pay more attention to what their customers are doing online. Among the requests: identifying customers with suspicious e-mailing patterns, quarantining those computers and offering help in cleaning the zombie code off the hapless PCs.
To be sure, computers infected by zombie programs and used to churn out spam are a real threat to the future of e-mail. One report by security firm Sophos found that compromised PCs are responsible for 40 percent of the world's spam--and that number seems to be heading up, not down.
But government pressure--even well-intentioned--on Internet providers to monitor their users raises some important questions.
[via Fergie's Tech Blog]

Sunday, May 22, 2005
OPTA, the Independent Dutch Post and Telecommunications Authority, has released their annual Vision of the Market report.
"The vision of the markets reflect the commission’s view on important trends and competition developments in the markets, as well as on the position of the end-user. In the annual report, OPTA accounts for its activities and results in the year 2004. The annual accounts give insight into OPTA’s financial house-keeping."
Each year OPTA publishes its Vision of the Market. The publication contains OPTA’s ideas regarding developments on the markets for post and electronic communication. The report furthermore recognizes that:
"The landscape in the communications sector is changing. Convergence is now reality: technological developments have made it possible to offer the same services using the same technology (the internet) via multiple types of networks. This is evident in the introduction of voice and television services via the internet. The communications sector is also broadening through integration with the IT, media and entertainment sectors. Convergence has as consequence that companies that did not compete in certain services in the past now do so. The competition potential is increasing, but the problem areas will not immediately disappear because network owners are still able to create entry barriers for competing parties. OPTA will intervene if and when providers abuse their dominant position."
For the full report, please click here.
[Via my weblog]

Saturday, May 21, 2005
From NetWizard's Blog:
While email authentication is no longer such a hot topic as it was last year, nevertheless the two main proposals (SPF and Sender-ID) are moving slowly through the IETF process to become experimental protocols. Both just published new drafts (spf and sender-id [1], [2] and [3]). At the same time it is interesting to note that Sender-ID has been placed on the next telechat agenda for the IESG. While SPF has not been put on the IESG telechat, it will probably follow shortly.
What does this mean in simple non-IETF-speak terms? These two proposals may finally be approved by the IETF for experimental use - a long path that started way back in the ASRG two years ago. It still remains to be seen whether either one will be deployed and widely used, especially considering the pending patent applications that Microsoft has on Sender-ID and their GPL-incompatible license.

Thursday, May 19, 2005
Japan's Vodafone K.K. announced today (PDF) new anti-spam measures to make its Vodafone live! mobile internet service more dependable for customers. As a measure to prevent nuisance mails, the number of SMS that can be sent from a Vodafone K.K. 3G handset within one day will be limited to 500 starting 31 May 2005. Handsets that exceed this limit will not be able to send additional SMS for the following 20 days.
From Slashdot: Canada's National Task Force on Spam released its final report today. Despite prior spam actions on privacy grounds in Canada, the task force is calling for a tough new anti-spam law including penalties for failure to obtain appropriate opt-in consents before sending commercial email as well as private right of action to encourage Canadian lawsuits against spammers. Professor Michael Geist, who headed up the legal aspects of the task force, provides a good summary of the recommendations.

Wednesday, May 18, 2005

Tuesday, May 17, 2005
The US Federal Trade Commission is seeking public comment on certain definitions and substantive provisions under the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (CAN-SPAM).
In this Notice of Proposed Rulemaking (NPRM), the FTC proposes rule provisions on five topics: (1) defining the term “person,” a term used repeatedly throughout the Act but not defined there; (2) modifying the definition of “sender” to make it easier to determine which of multiple parties advertising in a single e-mail message will be responsible for complying with the Act’s “opt-out” requirements; (3) clarifying that Post Office boxes and private mailboxes established pursuant to United States Postal Service regulations constitute "valid physical postal addresses" within the meaning of the Act; (4) shortening from ten days to three the time a sender may take before honoring a recipient's opt-out request; and (5) clarifying that to submit a valid opt-out request, a recipient cannot be required to pay a fee, provide information other than his or her e-mail address and opt-out preferences, or take any steps other than sending a reply e-mail message or visiting a single Internet Web page.

Monday, May 16, 2005
Security researchers are reporting a new brand of phishing attack that attempts to use stolen consumer data to rip off individual account holders at specific banks.
"Phishing is a form of online fraud that has exploded in frequency over the last several years. Typically using large-volume e-mail campaigns, phishers try to trick people into sharing personal information that the thieves then sell or use to commit identity theft. The new breed of attack, however, could have a higher success rate because the e-mails present unsuspecting recipients with accurate information in a document that looks like legitimate bank correspondence."
The news article reports that "The attacks take advantage of poor technological defenses and continued consumer vulnerability, and evidence the work of an organized group with real research-and-development resources." Furthermore, it states that "So far, the success rates that we've seen are amazing. People are expecting to see a crude attack that tries to steal their information; they're not expecting to see this much real information as part of the attack."
The article also highlights another report on phishing trends released by the Anti-Phishing Working Group stating that "attacks are increasingly relying on so-called keystroke loggers, a form of malicious program, to garner consumer information. Rather than trying to direct people to fake Web sites that ask for personal information, keystroke phishers capture login names and passwords for online bank accounts when customers access the accounts via computer. The keystroke logger programs then forward that information to the attackers."
For the full ZDNet news article, click here.

Thursday, May 05, 2005
NetWizard's Blog has a post on the start-up work on a standard mail abuse reporting format:
- Since the initial draft two 1/2 weeks ago, a lot of things took place. First of all, Dave was nice enough to open up a public mailing list for anyone who wants to comment on the draft. I will be putting information on it into the -01 draft which is currently in the works. Second, there is now a small public page called "ARF" or "Abuse Reporting Format" which will hopefully contain all the info on this in one easy to find place. Third, I am working on the next (-01) draft which will hopefully explain things better than the current one and put in place a normal extensibility mechanism (an IANA registry similar to what the SIP folks have).

Wednesday, May 04, 2005

Friday, April 29, 2005
The presentations from last month's ITU-T Cybersecurity II Symposium, hosted by RANS in Moscow, are now available, including presentations from:
- Mr Herbert Bertine, Chairman of ITU-T Study Group 17, presentation
- Mr Igor Faynberg, Technical Manager, NGN Standards, and Technologies and ITU-T FGNGN WG 5 Leader, presentation
- Mr Magnus Nyström, RSA Security, presentation
- Mr Charles Brookson, Head of Technology and Standards, Department of Trade and Industry (DTI), UK, presentation
- Mr Igor Furgel, Common Criteria, T-Systems GEI GmbH, presentation
- Mr Bill McCrum, Deputy Director General, Telecom Engineering, Industry Canada, presentation
- Mr Hyun-Cheol Jeong, Senior Research Staff, Korea Information Security Center of KISA, presentation
- Mr Gary Kondakov, Managing Director, Kaspersky Labs in Russia, CIS and Baltic countries, presentation
- Mr Eliot Lear, Consulting Engineer, Network Security, CISCO, presentation
- Mr Alexander Pogudin, CEO of Center of Financial Technologies, presentation
- Ms Amal Abdallah, Federal Communications Commission, USA, presentation
- Mr Andrey Chapchaev, Director General, Infotecs, presentation

Thursday, April 28, 2005
ZDNET Australia is reporting that Australian regulators have signed an agreement with Asia-Pacific nations to step up the war against spam.
Twelve Asia-Pacific communications and Internet agencies have joined the Australian Communications Authority in signing a memorandum of understanding -- the Seoul-Melbourne Anti-Spam Agreement -- on cooperation in countering spam.
ACA acting chairman Bob Horton said the memorandum was "focused on sharing knowledge, information and intelligence about known sources of spam, network vulnerabilities, methods of spam propagation, and technical, educational and policy solutions to the spam problem".
Other agencies involved include:
- the Internet Society of China;
- Commerce, Industry and Technology Bureau, Hong Kong (CITB);
- Philippines Commission on Information and Communications Technology (CICT);
- Philippines Computer Emergency Response Team (PH-CERT);
- the Malaysian Communications and Multimedia Commission (MCMC);
- the Ministry of Economy, Trade and Industry, Japan (METI);
- Ministry of Internal Affairs and Communications, Japan (MIC);
- New Zealand Ministry of Economic Development (MED);
- Taiwan Computer Emergency Response Team / Coordination Centre (TWCERT/CC) and;
- the Ministry of Information and Communication Technology, Kingdom of Thailand (MICT).
The new document is based on an agreement signed in late 2003 between the ACA, the National Office for the Information Economy (NOIE) -- since renamed the Australian Government Information Management Office (AGIMO) -- and the Korea Information Security Agency.
Furthering cooperation among international initiatives in countering spam will also be discussed at the ITU's upcoming WSIS Thematic Meeting on Cybersecurity, which will begin with a countering spam day as a follow-up to ITU's meeting in July 2004 on countering spam.

Wednesday, April 27, 2005
CAPTEF (Conférence des administrations des postes et des télécommunications d’expression française) Member States adopted a declaration recognizing the importance of the fight against spam at a meeting held in Paris between the 29th and 30th of April 2005. The main purpose of this meeting on "CAPTEF Internet" was to present the various methodologies adopted by the Member States for securing information systems, fighting spam and managing Internet domain names.
The final declaration emphasizes the collection of national contacts responsible for different areas in the fight against spam, which is to be disseminated to international organizations (OECD, ITU, etc.), and the reinforcement of cooperation and international coordination for sharing information on legislation, specific country needs, and anti-spam technologies.
Nineteen countries are currently members of CAPTEF: Benin, Burkina Faso, Burundi, Cameroon, Central Africa, Congo, Côte d'Ivoire, Djibouti, France, Gabon, Madagascar, Mali, Mauritius, Mauritania, Niger, Rwanda, Senegal, Chad, and Togo. Six other countries (Algeria, the Comoros, Guinea, Morocco, Tunisia, and the Democratic Republic of Congo) take part as observers.
For further details, see Direction du développement des médias.

Tuesday, April 26, 2005
UK laws are failing to deter spam: UK spam laws are failing to stop spammers, say campaigners. According to anti-spam organisation Spamhaus, loopholes in UK law render legislation useless in the fight against spammers. The majority of spam originates from the US but there are a handful of hardcore UK-based spammers. Since the law came into force over a year ago no UK spammers have been fined or prosecuted.
Internet service provider AOL is becoming frustrated by the lack of effective anti-spam laws in the UK. "While the volume of spam originating in the UK may be lower than many countries, strong anti-spam legislation sends the right signal," said a spokesman for AOL. "We would like more legal avenues in the UK to hit spammers where it really hurts - in the pocket," he said.
The problem lies in loopholes which effectively give spammers the right to spam any address in the UK, said Steve Linford, who heads up Spamhaus. "British law allows spammers to spam business addresses and it is up to spammers to determine whether an address is a private one or a business one," he told the BBC News website. "Apparently the Department of Trade and Industry was told that British businesses wanted spam, although we have never heard of any," he said.
The job of enforcing the spam law falls to the Office of the Information Commissioner, which admits that it finds it hard to deal with the problem. "It is hard to prove anything because it is difficult to track spammers down. The power of the Information Commissioner is sadly limited although he is calling for greater powers," said a spokesperson.
Even if the Information Commissioner manages to track a UK-based spammer down, the penalty of fines up to £5,000 is not harsh enough thinks Mr Linford. "Some spammers make that amount in a day," he said. UK spammers account for less than 2% of all junk e-mails with the lion's share of spam coming from the US.
From BBC via [my weblog]

Thursday, April 21, 2005
From The Arizona Republic:
"It's the next Internet scam, and it could be the most menacing.
The reason: Even experienced Internet users can become victims and not know it.
The ploy is called pharming - a play off "phishing," the previous Internet fraud - and it involves highly skilled hackers who secretly redirect users' computers from financial sites to the scammers' fake ones, where they steal passwords and other personal information. Even the Web address looks the same."
More...

Tuesday, April 19, 2005

Thursday, April 14, 2005

Friday, March 04, 2005
In the latest Phishing Activity Trends Report (January 2005) from the Anti-Phishing Working Group, it's reported:
“In January, there were 12,845 new, unique phishing email messages reported to the APWG. This is a substantial increase of 42% over the unique reports for December, and represents an average monthly growth rate of 30% since July (2,625). The number of phishing web sites supporting these attacks rose even more dramatically. In January, there were 2,560 unique sites reported, a jump of 47% over December (1740) and more than double the number reported just three months ago in October (1186).”

Tuesday, March 01, 2005
The ITU Council Working Group on WSIS held a meeting on 13-14 December 2004 discussing ITU activities relevant to the World Summit on the Information Society. The Working Group is to prepare, based on inputs of ITU Member States and Sector Members, as well as those of the Secretary-General and the Directors of the Bureaux and submit to ITU Council proposals on necessary ITU actions to help accomplish the goals and objectives articulated in the WSIS Declaration of Principles and Plan of Action.
Some of the input documents to that meeting relate to Internet governance including:

Monday, February 28, 2005

Thursday, November 18, 2004
Attacks using massive botnets of compromised PCs are becoming more and more sophisticated and organised gangs are more likely than ever to be behind online attacks, according to a new VeriSign report. The trend appears to be towards more sophisticated attacks by more organised groups, VeriSign said in its twice-yearly Internet Security Intelligence Briefing, released on Tuesday. The criminal groups increasingly rely on massive numbers of compromised home PCs to launch their attacks, said Mark Griffiths, vice-president for VeriSign.

Monday, November 01, 2004
The North American Network Operators Group (NANOG) conference, a gathering of Internet Service Provider (ISP) engineers and vendors, convenes three times a year for mostly technical conversation along with social networking. The recent NANOG conference in Reston, Virginia saw some unusually direct talk about spam and the ISPs that tolerate it from America Online's Postmaster, Charles Stiles. [via CircleID]

Thursday, March 06, 2003
A Computerworld article says "Two weeks after beefing up its antispam efforts on behalf of its members, America Online Inc. said today that it has blocked as many as 1 billion spam e-mails in a single day, up from the average 780 million spam messages a day it was blocking in mid-February."

Monday, March 03, 2003
Net Gurus Rally Anti-Spam Forces. The Internet Research Task Force forms a new offshoot whose sole goal is to document the magnitude of the junk e-mail problem -- and do what it takes to fix it. By Justin Jaffe. [Wired News]

Tuesday, February 11, 2003
The [US] Federal Trade Commission will host a three-day "Spam Forum" Wednesday, April 30 through Friday, May 2, [2003] to address the proliferation of unsolicited commercial e-mail and to explore the technical, legal, and financial issues associated with it.

Friday, January 24, 2003
The Korean Ministry of Information and Communication announced on January 20, 2003, that it will adopt a set of measures to tighten regulations on those who send unsolicited emails or SPAM.

Thursday, January 23, 2003

Thursday, December 19, 2002
[Wired]: Bye Telemarketing, Hi More Spam? "According to Enrique Salem, CEO of Brightmail, which filters 10 percent of Internet e-mail, eight percent of the mail the company filtered in September 2001 was spam. In November 2002, it was 40 percent."

Tuesday, December 17, 2002
SPAM Conference: Cambridge, MA on January 17, 2003 at the first conference on spam filtering. List of speakers.
- "The scale and effect of the spam epidemic leads us to suggest that spam is no longer simply a nuisance, but is a type of information security problem."
GIP also held a workshop on SPAM in summer 2002 and the presentations can be found here.

Friday, July 05, 2002

Monday, June 24, 2002
Korea has the highest Internet broadband penetration per capita in the world and by a very large margin (the runners-up are not even close). It's always interesting to look at how technology leaders address policy issues as it indicates where other countries might be heading. For example, as I explained in my earlier mention of "Cyber-Crime and Cyber-Terrorism in Korea", the government is attacking a wide range of hacking and cyber-crime issues. In its latest initiative, this article in the Korea Herald explains how the Korean Ministry of Information and Communication has now unveiled plans for tough new laws dealing with SPAM.

Friday, May 31, 2002
An article on Slashdot says that the European Union is moving toward legislation requiring specific opt-in to receive commercial email (errr... SPAM). Hooray. There's an increasing amount of legislative activity around the world to deal with SPAM such as the US Can SPAM act which prohibits sending unsolicited commercial e-mail "accompanied by header information that is materially or intentionally false or misleading". Let's hope the legislators eventually get it right and stamp this stuff out just like they did fairly effectively with unsolicited faxes.