The Article:

Consumers Don’t Relate Bot Infections to Risky Behavior As Millions Continue to Click on Spam

San Francisco, March 24, 2010 –A significant percentage of consumers continue to interact with spam despite their awareness of how bots and viruses spread through risky email behavior, according to the Messaging Anti-Abuse Working Group (MAAWG) based on a new survey it released today covering North America and Western Europe. Even though over eighty percent of email users are aware of the existence of bots, tens of millions respond to spam in ways that could leave them vulnerable to a malware infection, according to the 2010 MAAWG Email Security Awareness and Usage Survey.

In the new survey, half of users said they had opened spam, clicked on a link in spam, opened a spam attachment, replied or forwarded it – activities that leave consumers susceptible to fraud, phishing, identity theft and infection. While most consumers said they were aware of the existence of bots, only one-third believed they were vulnerable to an infection. “Consumers need to understand they are not powerless bystanders.

They can play a key role in standing up to spammers by not engaging and just marking their emails as junk,” said Michael O’Reirdan, MAAWG chairman. “When consumers respond to spam or click on links in junk mail, they often set themselves up for fraud or to have their computers compromised by criminals who use them to deliver more spam, spread viruses and launch cyber attacks,” O’Reirdan said. The research findings on awareness of bots, email security practices, and attitudes toward controlling spam were generally consistent with the first MAAWG consumer survey in 2009 covering North America.

The new 2010 survey was expanded to cover Western Europe and looks at consumers’ attitudes in Canada, France, Germany, Spain, the United Kingdom and the United States. It Won’t Happen to Me Syndrome Less than half of the consumers surveyed saw themselves as the entity who should be most responsible for stopping the spread of viruses. Yet, only 36% of consumers believe they might get a virus and 46% of those who opened spam did so intentionally. This is a problem because spam is one of the most common vehicles for spreading bots and viruses. The malware is often unknowingly installed on users’ computers when they open an attachment in a junk email or click on a link that takes them to a poisoned Web site, according to O’Reirdan. Younger consumers tend to consider themselves more security savvy, possibly from having grown up with the Internet, yet they also take more risks. Among the survey’s key findings:

• Almost half of those who opened spam did so intentionally. Many wanted to unsubscribe or complain to the sender (25%), to see what would happen (18%) or were interested in the product (15%).
• Overall, 11% of consumers have clicked on a link in spam, 8% have opened attachments, 4% have forwarded it and 4% have replied to spam.
• On average, 44% of users consider themselves “somewhat experienced” with email security. In Germany, 33% of users see themselves as “expert” or “very experienced,” followed by around 20% in Spain, the U.K. and the U.S.A., 16% in Canada and just 8% in France.
• Men and email users under 35 years, the same demographic groups who tend to consider themselves more experienced with email security, are more likely to open or click on links or forward spam. Among email users under 35 years, 50% report having opened spam compared to 38% of those over 35. Younger users also were more likely to have clicked on a link in spam (13%) compared to less than 10% of older consumers.
• Consumers are most likely to hold their Internet or email service provider most responsible for stopping viruses and malware. Only 48% see themselves as most responsible, though in France this falls to 30% and 37% in Spain.
• Yet in terms of anti-virus effectiveness, consumers ranked themselves ahead of all others, except for anti-virus vendors: 56% of consumers rated their own ability to stop malware and 67% rated that of anti-virus vendors’ as very or fairly good. Government agencies, consumer advocacy agencies and social networking sites were among those rated most poorly.

It Won’t Happen to Me Syndrome

Less than half of the consumers surveyed saw themselves as the entity who should be most responsible for stopping the spread of viruses. Yet, only 36% of consumers believe they might get a virus and 46% of those who opened spam did so intentionally.

This is a problem because spam is one of the most common vehicles for spreading bots and viruses. The malware is often unknowingly installed on users’ computers when they open an attachment in a junk email or click on a link that takes them to a poisoned Web site, according to O’Reirdan.

Younger consumers tend to consider themselves more security savvy, possibly from having grown up with the Internet, yet they also take more risks. Among the survey’s key findings:

The survey was conducted online between January 8 and 21, 2010 among over a thousand email users in the United States and over 500 email users in each of the other five countries. Participants were general consumers responsible for managing the security for their personal email address.

Both the survey’s key findings and the full report are available at the MAAWG Web site, www.MAAWG.org. The 2010 research was conducted by Ipsos Public Affairs, and the full report includes country comparisons for many of the questions along with detailed charts.

About the Messaging Anti-Abuse Working Group (MAAWG)
The Messaging Anti-Abuse Working Group (MAAWG) is where the messaging industry comes together to work against spam, viruses, denial-of-service attacks and other online exploitation. MAAWG (www.MAAWG.org) represents almost one billion mailboxes from some of the largest network operators worldwide. It is the only organization addressing messaging abuse holistically by systematically engaging all aspects of the problem, including technology, industry collaboration and public policy. MAAWG leverages the depth and experience of its global membership to tackle abuse on existing networks and new emerging services. Headquartered in San Francisco, Calif., MAAWG is an open forum driven by market needs and supported by major network operators and messaging providers.

You can also read the original post at MAAWG (Messaging Anti-Abuse Working Group)

On Wednesday, December 9, 2009 at 06:20 (GMT), Project Honey Pot achieved a milestone:

It received its 1 billionth spam message. That message was a phishing scam regarding the United States Internal Revenue Service.

It was sent to an email address that had been harvested more than two years ago. More than just a single spam email, the billionth message represents the collective work of you and tens of thousands of other web and email administrators.

To celebrate that milestone, they have gone through 5 years of data to learn more about spammers and what they do. Below are some of their more interesting findings. You can also see the Full Report here.

Some Preliminary Statistics

• Monday is the busiest day of the week for email spam, Saturday is the quietest
• 12:00 (GMT) is the busiest hour of the day for spam, 23:00 (GMT) is the quietest
• Malicious bots have increased at a compound annual growth rate (CAGR) of 378% since Project Honey Pot started
• Over the last five years, you’d have been 9 times more likely to get a phishing message for Chase Bank than Bank of America, however Facebook is rapidly becoming the most phished organization online
• Finland has some of the best computer security in the world, China some of the worst
• It takes the average spammer 2 and a half weeks from when they first harvest your email address to when they send you your first spam message, but that’s twice as fast as they were five years ago
• Every time your email address is harvested from a website, you can expect to receive more than 850 spam messages
• Spammers take holidays too: spam volumes drop nearly 21% on Christmas Day and 32% on New Year’s Day

US-CERT encourages users to take the following measures to protect themselves:

• Do not follow unsolicited web links or attachments in email messages.
• Maintain up-to-date antivirus software.
• Refer to the Recognizing and Avoiding Email Scams (pdf) document for more information on avoiding email scams.
• Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.

Maintaining up-to-date anti-virus is vital. Some appliances, like the Barracuda Spam & Virus Firewalls that are used by CudaMail.com to filter mail are updated on a constant basis.

US-CERT will provide additional details as they become available.

Relevant Url(s):

http://www.us-cert.gov/cas/tips/ST04-014.html

http://www.avertlabs.com/research/blog/index.php/2009/04/27/swine-flue-spam/

http://www.us-cert.gov/reading_room/emailscams_0905.pdf

‘Follow the money’ With the recent stock market volatility creating interest and opportunity for a savvy investor the lure of all that money is attracting the attention of malware writers.

Michael Kassner the Manager of IT for Getinge LaCalhene and a well certified IT Professional recently ran into a piece of malware with a twist. Called Tigger/Syzor it appeared on the PC of a friend of Michael’s who is a day trader and deals with companies like E-Trade, ING Direct, Vanguard, Options Xpress, TD Ameritrade and Scottrade.

Guess what? Tigger/Syzor likes the same friends as it is a safe mode rootkit password stealing Trojan that targets day traders. Michael was able to use tools like Malware Bytes Anti-Malware (MBAM) to find and remove some files that were identified as malware but ultimately he went with a full clean re-install of the operating system and all applications just to be sure.

The day trader does keep his computer up to date with patches and program updates so what else could he have done? How about running in a virtual environment? With tools like VMWare Server being offered for free and giving you the ability to run an isolated second complete copy of the operating system and programs he could have run the tools that are critical to his job in one and done his research (web browsing) in a second. This isolates the whole system so that if one aspect of his system get’s infested he can just roll back to a previous version or snapshot without the infection and continue running with only a few minutes downtime and not a whole panic filled weekend.

He would even be able to turn off the day trading virtual system after the markets close and let his kids (I don’t know if he has any – just speculating) use a separate dedicated kids only virtual machine that was locked down and set to clear all changes when it was rebooted. This may require that a few additional licenses of Windows be purchased and a little discipline to not get lazy and browse from his critical virtual machine but as they say an ounce of prevention is worth a pound of cure. The day trading tools that he uses also have to be able to run in a virtualized environment and be supported by the vendor when running in such a way.

A second thing this day trader should do is run his home network like a corporate network with similar hardware (http://www.firewallshop.com) and protective measures in place. I’d hazard a guess that he is running a consumer level firewall (with unprotected wireless on too I’d bet) that acts as a one way valve using Network Address Translation (NAT) and very little else.

He makes his living by day trading so treat this network like the office it is and install a corporate level firewall like a FortiGate that does layer 7 anti-virus scanning at the edge. With the recent introduction of the FortiGate 30B Bundle the price of a very capable corporate level firewall has dropped to the $500.00 range with one year of updates and basic support. When your living depends on your trading thousands of dollars daily doesn’t it make sense to protect your investment and passwords with an enterprise level firewall?

Tigger.A: Sophisticated trojan that likes stockbrokers
http://blogs.techrepublic.com.com/security/wp-trackback.php?p=960

Michael Kassner
http://techrepublic.com.com/5213-6257-0.html?id=4730583

FortiGate 30B
http://www.firewallshop.com/detail.aspx?ID=257

US-CERT Current Activity

IRS Stimulus Package Phishing Scam

Original release date: February 6, 2009 at 10:03 am Last revised: February 6, 2009 at 10:03 am

US-CERT is aware of public reports indicating that phishing scams are circulating via fraudulent U.S. Internal Revenue Service emails offering users stimulus package payments. These emails include text that attempts to convince users to follow a link to a website or to complete an attached document. The website and document request that the user provide personal information.

US-CERT encourages users to do the following to help mitigate the risks:

* Do not follow unsolicited web links received in email messages.
* Refer to the Recognizing and Avoiding Email Scams (pdf) document
for more information on avoiding email scams.
* Refer to the Avoiding Social Engineering and Phishing Attacks
(pdf) document for more information on social engineering attacks.

Relevant Url(s):

====

This entry is available at: http://www.us-cert.gov/current/index.html#irs_stimulus_package_phishing_scam

That sad truth has bled Shane Symington out of almost $200,000 USD (£130,000) – all of his life savings – in a Nigerian 419 scam where they came after him not once but twice – the second time posing as a victim of the original scam to get him to shell out money to hire ‘ex-FBI agents’ in an attempt to ‘recover’ some of the original £100,000 taken by ‘Angela Gates’.

I guess you can be a dog and impersonate an FBI agent on the Internet.

More information on the Daily Mail website along with pictures of ‘Angela Gates’
http://www.dailymail.co.uk/news/article-1116067/Postman-loses-130-000-savings-Nigerian-internet-scam-duped-friend-met-MySpace.html

The warning to take from this is that no matter where you meet someone – in person or online – any deal that sounds too good to be true probably is.

- Shaun

http://www.itbusiness.ca/it/client/en/home/News.asp?id=50885

It is interesting to note that there are so many compromised bank accounts that they sell at a discount ($1,000 for an account with $40K in it. $10 for an account with $2500 in it) This tells us that the tricks the Cyber Criminals are using (phishing, vishing, spim) are working so you have to be careful out there or it will be your bank account that they are selling online.

Thankfully at IT Business they have provided the following list to remind us of what to and not do online.

Tips to protect yourself

• Use an e-mail filter to block fraudulent messages that are often used in phishing attacks . Use many layers of security such as anti-virus software, firewalls, and anti-phishing toolbars for your browser . Limit the amount of sensitive personal information on your computer.
• Use strong passwords and change them on a regular basis.
• Do not store online account passwords with your Web browser’s automatic feature.

Shaun