Wednesday 17 December 2008

Spyware News: Survey Highlights Time And Effort IT Must Spend On Malware

GreenBorder Technologies, Inc., a developer of Desktop DMZ software for Windows, recently announced survey results that provide insights into how dealing with malware is diverting enterprises from strategic security initiatives. In the survey, IT managers from more than 70 mid-tier companies nationwide identified data protection and privacy as their top priority for Internet security.

However, the companies report having to dedicate a significant percentage of their resources to cleaning up and patching infected systems despite near-universal deployment of conventional defenses such as anti-virus (97 percent) and network firewalls (96 percent), as well as widespread restrictions on use of Internet content (75 percent). User behavior and mobile systems were identified as the culprits that most often lead to malware penetrating the enterprise.

Designed to uncover key trends and current pain associated with malware penetrating the enterprise, the GreenBorder Internet Security Trends survey addressed various issues regarding Internet-based threats and their impact. The findings include:

 In ranking their biggest fears concerning malware, 56 percent of respondents rated data privacy and confidentiality number one, followed closely by cleanup efforts (54 percent) and interference with existing applications and systems (51 percent).

 When asked the top three ways malware gets into the enterprise, 67 percent of respondents said user behavior, 43 percent said zero-day attacks, and 33 percent blended and morphing threats.

 Eighty percent of respondents reported that it takes at least half a day to a day to clean, re-image, and restore PCs affected by malware.

 Seventy-five percent of respondents reported having had a rolled out patch that caused more problems then it solved.

 Respondents named compliance and confidentiality as their number one security business initiatives (87 percent), followed by better protections against Internet-borne threats (67 percent) and better protections for mobile users (53 percent).

Recent findings from the Deloitte Touche Tohmatsu (DTT) 2005 Global Security Survey corroborate the GreenBorder survey results, according to GreenBorder Technologies. The DTT survey found that the increasing sophistication of threats (63 percent) and the lack of employee awareness (48 percent) contribute to an environment of exploitable vulnerabilities and weak operational processes.

According to the 2005 CSI FBI Computer Crime Survey, such an environment comes at a high cost -- virus attacks continue to swamp all other categories as the source of the greatest financial losses in 2005, with an associated cost of more than $42 million. According to the CSI survey authors, "respondents are more accurate than ever in accounting for their explicit costs (such as the cost of reinstalling software and reconfiguring computer systems)." These findings underscore the significant value that can be delivered by innovative technologies that account for the changing nature of Internet-based threats and the online behavior of today's users, the CSI FBI survey found.
Posted by at No comments:

Spyware News: NovaShield Wraps Up 2008

NovaShield, Inc., a leader in advanced anti-virus and anti-malware technology, today announced some of the key milestones from 2008 -- which was an important year as new technologies came to market to help consumers and small businesses better fight growing virus and malware problems.

As the New York Times reported, F-Secure, another Internet security provider, has research that shows malware is growing at an astounding rate. This growth in new malware is why NovaShield was created -- to find new approaches to keep consumer PCs safe in an environment where traditional signature-based solutions aren't keeping up.

In 2008, NovaShield:

Secured funding to find new anti-virus approach: In March, NovaShield received a Phase II Small Business Innovation Research (SBIR) grant from the U.S. National Science Foundation (NSF) to help continue the commercialization of NovaShield's breakthrough research targeted at detecting and preventing sophisticated zero day security threats including botnets, Trojans, keyloggers and rootkits. Fortune Small Business Magazine wrote an article on the funding.
Completed comprehensive beta testing program: In April, NovaShield launched a free trial version of its product. NovaShield spent the following 8 months building almost 1,000 users who beta tested NovaShield's breakthrough product before launching the first commercial product in November. USA Today reporter Byron Acohido who also wrote the book "Zero Day Threat" talked a little about NovaShield's approach on his Zero Day Threat blog.

Launched the first commercial version of NovaShield 2.5: In November, NovaShield launched NovaShield 2.5 -- the first commercially available version of its product. The product started selling for 1 and 2 year subscriptions after a 15-day free trial period. Early feedback and increasing sales show that consumers want to augment their existing PC protection.

Achieved industry recognition: In November, NetworkWorld magazine named NovaShield a "10 IT security companies to watch." Matt Hines, a security blogger for eWeek Magazine wrote in November "(NovaShield's) unique new approach to stopping malware could prove helpful and will likely be bought or copied by its larger rivals, many of whom are struggling to find new ways to offset the issue that their traditional sig-based AV products can't prevent many of today's most aggressive attack methods."

"We are quite proud of our first year on the security market," said Praveen Sinha founder and CEO of NovaShield. "At a time when hackers are bringing new levels of threats to consumers and small businesses -- we are taking a methodical approach to bringing a new level of threat protection to the market."

Pricing and Availability

NovaShield AntiMalware 2.5 is available for a free 15-day trial and with a 1 or 2 year subscription. Introductory pricing for 1-year single-user license is $19.95. Introductory subscription price for 2-year single user license is $34.95. Family packs and 10-user small business packs are available. The NovaShield 2.5 anti-malware product is available for download from www.novashield.com.

About NovaShield

NovaShield Inc. ( www.NovaShield.com), founded by leading scientists at the University of Wisconsin, develops technology to detect and eliminate the next generation of malware threats on personal computers. Their breakthrough approach rapidly identifies previously unseen malware by using specification-based monitoring, a unique real-time approach for effectively detecting looming threats. The NovaShield team has developed the most advanced and accurate anti-malware product available to consumers and businesses with the best-in-class ability to find new threats such as drive-by-downloads, Trojans, botnets, keyloggers, and rootkits. Funded by two competitive grants from the National Science Foundation (NSF) and private investors, NovaShield is based in Madison, Wisconsin.
Posted by at No comments:

Spyware News: Google AdWords Isn’t Perfect! Serves Up Phishing Sites & Malware

News flash folks, Google AdWords is not perfect and can be exploited. There are times when people can go into the AdWords system and trick Google into serving up ads for phishing sites and malware downloads. Yes, this happens and happens often enough.

I am not trying to depend Google but they probably automatically approve tens of thousands of ads daily. There is always a possibility of someone getting through the system. Let me share two examples.

WebSense reported Google was serving up an AdWords ad for a site that was having users download malicious software. The software was disguised as Winrar application and was showing up for a keyword search on winrar. WebSense goes through the details of how this specific application infected a computer.

The second case was sent to me by a reader this weekend. He showed me how a search for adwords, yes, Google’s own trademarked product, was returning an ad at the top promotion spot, that was disguised as the AdWords login page. Yes, this page was a phishing page, used to capture the username and password of unsuspecting AdWords advertisers. You were taken from the ad, to a site that looks exactly like the true AdWords login page, then, once you submitted your username and password, it would then redirect you to the true AdWords login page. But the redirect would only happen after this phishing site has already stolen your login credentials.

I notified Google and it was removed a few hours later. I didn’t blog about it then because, like I said above, “AdWords isn’t perfect” and they make mistakes.


Posted by at No comments:

Spyware News: "Huge Increase" in Internet Explorer Attacks can be Mitigated by Configuring Windows Users to Operate without Admin Rights

Microsoft Corp. has warned of a "huge increase" in attacks exploiting a critical vulnerability in all versions of Internet Explorer (IE). Most troubling for enterprises is that the attacks are increasingly being launched from legitimate Web sites.
"Some legitimate Web sites were maliciously modified to include the exploits," said Microsoft's Ziv Mador and Tareq Saade in a posting on Microsoft's Malware Protection Center Blog. They went on to note that, "a significant number of users have been affected."
With exploit code now publicly available, the threat will grow in the coming days and weeks. To mitigate the attack, Microsoft recommends that users be configured without administrator rights. Users whose accounts are configured to have fewer user rights on the system will have additional protections in place to prevent the installation of rootkits and key loggers, as well as other potential malicious activities.
"There is no longer any practical reason that an organization should configure its users to run with administrative rights," said John Moyer, CEO of BeyondTrust. "We have worked with hundreds of companies who were fed up with their exposure to malware and have responded by implementing the security best practice of Least Privilege in their Windows environments. By removing admin rights, these companies have experienced a drastic reduction in malware and greater protection from zero-day threats like the latest IE attack, which impacts the vast majority of IE users."
Microsoft's recommendation comes on the heels of a growing trend among organizations to remove administrator rights from users. By configuring users as standard users, malware can no longer leverage administrative privileges through various Microsoft security vulnerabilities to compromise corporate networks and data. One example of the trend in organizations to remove admin rights is the federal government's recent mandate prohibiting federal employees from logging into XP and Vista as administrators.
For more information, or to speak to BeyondTrust about how organizations can reduce their vulnerability to zero-day threats by configuring end-user PCs to run without administrative rights, please contact Dave Bowker or April Byron at 781-684-0770 or beyondtrust@schwartz-pr.com.
About BeyondTrust
BeyondTrust Corporation, a pioneer in Least Privilege Management, enables enterprises to move beyond the need to trust users with excess privileges or administrator passwords. BeyondTrust Privilege Manager was the first product to enable the security best practice of Least Privilege in Windows environments by allowing administrators to assign end-users permissions for required or selected applications. Least Privilege strengthens security by limiting users to the permissions they need to do their jobs. Hundreds of organizations worldwide in industries such as financial, healthcare, government and military rely on BeyondTrust Privilege Manager to secure their enterprises. For more information, visit www.beyondtrust.com.
SOURCE: BeyondTrust Corporation
Posted by at No comments:

Spyware News: SpyZooka: Fast and Effective Removal of AntiVirus Sentry and Other Malware

Blue Penguin Software recently announced that its anti-spyware program SpyZooka is effective at removing AntiVirus Sentry, among other malware. SpyZooka is in the unique position of being the only product on the market to guarantee 100% removal of all malware, Trojan horses, adware, hijackers, botnets and other spyware threatening the performance and security of computer systems.

An increasing number of computer systems are falling prey to the AntiVirus Sentry, malware disguised as anti-virus software. As a result, the recent announcement that SpyZooka is capable of removing AntiVirus Sentry from computer systems is good news for those whose systems have been infected by the rouge AntiVirus Sentry.

Like other forms of malware, AntiVirus Sentry typically attaches itself to a system without permission via Trojans and other deceptive methods. Once attached, AntiVirus Sentry will bombard the system with false security warnings aimed at convincing users to purchase the useless software. AntiVirus Sentry jeopardizes your computers security and slows its performance.

AntiVirus Sentry, like all spyware, can also be incredibly difficult to remove. The effort can be both expensive and time consuming. SpyZooka is an effective, affordable means of removing AntiVirus Sentry. SpyZooka also protects systems from being hijacked by the dangerous malware program in the first place.

Posted by at No comments:

Spyware News: Cybercriminals out in force

Going online instead of going to the mall can be a convenient and cheaper way to get the holiday shopping done. But it can have a downside.

Cybercriminals tend to come out in force around peak shopping times. Online shoppers, unless they guard against the threat, run the risk of having their credit-card and bank-account numbers stolen without even knowing what has happened — until it’s too late.

"The peak shopping period is an ideal time for criminals to target for . . . attacks," said Symantec’s Vincent Weafer, a vice president in the security company’s research group.

With a week and a half to go before Christmas, this week is likely to see heavy online traffic.

On the Internet, shoppers can find a vast variety of items, often at discount prices. And online shopping can spare consumers from the hassle, traffic and parking problems at a physical shopping center, as well as the lines at the post office.

With that in mind, more than half of U.S. households are likely to shop online this holiday season. The market research firm Forrester Research projects that U.S. consumers will spend $44 billion online in November and December, up 12 percent from a year earlier.

The growth in online shopping hasn’t gone unnoticed by criminals. Many have turned to the Internet as a relatively easy way to steal a buck.

In the month before Thanksgiving week last year, the security company PC Tools observed a steady rise in the amount of malware intercepted by computers running its security software.

It was as if the bad guys wanted to have their software in place "before the shopping began," said Michael Green, PC Tools’ vice president of product strategy.

Traditionally, viruses and other malicious computer programs were simply nuisances. They might shut down your machine or even wipe out your hard drive, but the damage they did was limited to your computer and its data.

That has changed dramatically in recent years as criminals have started to employ malicious programs to steal consumers’ personal and financial information, such as Social Security, bank-account and credit-card numbers. Unlike a virus that shuts down a computer, spyware and malware can run quietly in the background, often without a PC user knowing that it’s there.

"The profile of malware authors has shifted from punks to professionals," said Nick Selby, a security analyst at the 451 Group, an industry research firm. "They’re doing it for money."

As the nature of malicious software has changed, so too have the means of infecting consumers’ computers, analysts say. Increasingly, PCs are infected when they visit Web sites that can exploit security holes in their Web browsers or browser plug-ins like Flash.

Sometimes these sites are legitimate shopping destinations that have been unwittingly compromised. Other times, criminals use what security experts call "social engineering." That could mean directing consumers to a particular site via an e-mail link to what promises to be a funny, controversial or topical video.

"The bad guys know . . . what people click on," said Patrick Runald, chief security adviser at F-Secure, a security software company. "These guys stay up with current events."

Security experts say it’s difficult to estimate the size of the spyware threat, especially given that many exploits may go unnoticed. But F-Secure detects about 80,000 to 100,000 new suspicious files each day, Runald said, of which 20,000 to 25,000 are new types of malware files that need to be combated.

Meanwhile, the number of identity-theft complaints collected by the Federal Trade Commission’s Consumer Sentinel program hit 258,427 last year, more than a third of which involved stolen credit-card or bank-account numbers.

Despite the dangers, no one’s telling consumers to abandon their online shopping carts. Instead, security experts advise consumers to take practical, often obvious steps to protect themselves.

The most basic steps consumers can take are to install a security program on their PCs and to make sure that it and other software on their computers — particularly their operating systems, Web browsers and browser plug-ins — are kept up to date. Software updates frequently plug known security holes and, on the security-software side, provide protection against newly discovered malware.

Beyond that, security experts recommend using common sense — and staying vigilant. Consumers should be wary of clicking on e-mailed links or visiting unfamiliar Web sites, they say.

It’s a good idea to go to security sites, such as one run by F-secure, that offer free malware scans. And they should keep a lookout for strange charges on their credit-card statements.

"I can’t say there’s a magic bullet," said Natalie Lamber, a security analyst at Forrester. "It comes down to good computer hygiene."

Protecting yourself To ward off cybercriminals, online shoppers should take the following steps, security experts say:

Run security software:You shouldn’t be online without it.

Keep your programs up to date:Make sure you’ve downloaded and installed the latest updates for your security software, operating system, Web browser and browser plug-ins.

Be wary of e-mail links: Many will take you to sites you don’t want to visit.

Scan your PC: Free online software can tell you if your computer has any known malware installed.

Stick to the well-lighted places: You’re less likely to encounter malware at known and reputable online sites than at other places.

Check your statements: Keep an eye out for questionable charges in your credit-card and bank accounts.

Posted by at No comments:

Spyware News: Malware and "Malicious Intent" Most Prevalent Cyber Threats; Seniors Main Targets of Fraud

Nearly 60 percent of people who reported being victims of cyber crime experienced malware and "malicious intent" -- either phishing attempts, fraud, ID theft, spam or a computer intrusion -- according to an analysis of data collected from the "Take a Byte Out of Cyber Crime" campaign, which was initiated by the Chief Marketing Officer (CMO) Council and its public sector partners.
Disturbingly, 28 percent of people reporting cyber crimes indicated that they were victims of online fraud -- with nearly half of those complainants being aged 60 or over. As a result, the CMO Council has launched a new initiative with AVG Technologies -- called Slam the Online Holiday Scam -- to give away security software for use during the holiday season to identify fraudulent eCards and eGreetings that contain malware or send recipients to bogus or contaminated Internet sites to collect personal identity information.
According to cyber crime analytics, harassment was the second most prevalent form of online threats and digital intrusion. More than 40 percent of the complaints were from people who indicated they were victims of either cyber-bullying (defined as the repeated hurtful or damaging remarks posted on online forums or messages sent electronically) or cyber-stalking (which refers to the use of the Internet, e-mail or other electronic communications to surreptitiously follow or haunt a person).
The Take a Byte Out of Cyber Crime program ( www.bytecrime.org) is an ongoing public service campaign sponsored by the Chief Marketing Officer (CMO) Council in association with leading public- and private-sector partners. The campaign website collects information on computer security breaches logged by visitors to the Bytecrime.org Cyber Crime Center and provides free, downloadable content for adults and children, entitled Mind What You Do Online.
Since the launch of Bytecrime.org in 2006, computer users have accessed its educational resources to protect themselves, their families and friends from the growing incidence of cyber crime. The Cyber Crime Center has captured reports from over 250 computer users in North America, Asia, Africa and the Middle East.
Other notable findings from the analysis included: 
--  Of all cyber crimes committed, 18 percent of the people who reported
   them knew the perpetrators personally. This finding relates to the fact
   that 14 percent of all attacks involved social networking sites -- an
   increasingly prominent e-communication context for computer crimes and
   online harassment.
--  Twenty (20) percent of cyber crimes took place over instant messaging
   channels. Several reports chronicled harassment of computer users in online
   gaming chat rooms.
--  Thirteen (13) percent of the complainants cited child pornography-
   related crimes... including unsolicited or obscene materials sent to a
   child, or online enticement of children for sex acts.



"It's alarming to find that more than half of the people who reported cyber crime experienced fraud or harassment -- and that many of those victims were senior citizens," said Donovan Neale-May, executive director of the CMO Council. "What's more, it's distressing to see the growing incidence of cyber crimes taking place in social network environments and through instant messaging.
"Our analysis reinforces the fact that computer users must be even more vigilant -- especially in increasingly popular cyber contexts like social media -- if they're to protect themselves from onerous cyber attacks," Neale-May added.
Take a Byte Out of Cyber Crime is one of several programs being undertaken by the CMO Council to chronicle -- and help combat -- the increasing scope and severity of cyber crime.
Two other CMO Council-supported cyber crime prevention initiatives are currently underway. They include "Protection from Brand Infection," which examines the brand image and integrity issues of online counterfeit sales, gray market knock-offs, phishing attacks, email scams, online brand and trademark abuse, domain kiting, pay-per-click fraud, copyright and patent infringements, as well as product piracy and fakes. The new "Slam the Online Holiday Scam" initiative is being underwritten by the computer security software company, AVG Technologies, and is designed to help consumers combat fraudulent e-cards and other online scams by offering safety tips and free anti-virus software ( www.avgfree.com).
About the CMO Council
The Chief Marketing Officer (CMO) Council is dedicated to high-level knowledge exchange, thought leadership and personal relationship building among senior corporate marketing leaders and brand decision-makers across a wide-range of global industries. The CMO Council's 3,500 members control more than $100 billion in aggregated annual marketing expenditures and run complex, distributed marketing and sales operations worldwide. In total, the CMO Council and its strategic interest communities include over 6,000 global executives across 57 countries in multiple industries, segments and markets. Regional chapters and advisory boards are active in the Americas, Europe, Asia Pacific, Middle East, Latin America and Africa. The Council's strategic interest groups include the Coalition to Leverage and Optimize Sales Effectiveness (CLOSE), Brand Management Institute, and the Forum to Advance the Mobile Experience (FAME). More information on the CMO Council is available at www.cmocouncil.org.
Posted by at No comments:

Spyware News: Several Attacks Behind CheckFree Data Breach

The cybercriminals who breached the CheckFree bill paying service last week used a combination attack that may be almost impossible to stop.

Visitors to the CheckFree site were redirected without their knowledge to a server in the Ukraine, where malware was automatically downloaded into their PCs, Amit Klein, chief technology officer at Trusteer, which protects desktops from malware and fraudulent Web sites, told InternetNews.com.

"The fact that it's so easy to get hold of critical or enterprise assets such as credentials for a corporation's DNS domain, Web servers, or firewall, is troubling," Klein said. "Each credential lets you manage critical assets and makes it possible for attackers to control enough parts of your infrastructure to cause a mass infection of your own customers."

The worst part is that so far, no one seems to know just what the malware does once it is installed on the victim's computer. Stephan Chenette, manager, security research at Web filtering solution provider Websense, thinks it might be a password stealing Trojan.

Eventually enterprises may end up becoming the means for infecting a large portion of Internet users, Klein said. A similar attack compromised two Business Week sites earlier this year.

The CheckFree breach is especially troubling because its domain name host, Network Solutions, hosts the majority of financial institutions' Web sites, Klein said.

Fiserv, the parent company of CheckFree, one of the largest online bill processors in the U.S., and Network Solutions, CheckFree's domain name registrar, had not responded to requests for comment by press time.

Trusteer's Klein said the attackers used a combination of phishing (define) to get system administrator information to hijack the CheckFree site, pharming (define) to remap the CheckFree site to the server in the Ukraine, and a drive-by malware injection into the PCs of all visitors to the site.

There's more to come

One of the most high profile victims of such password-stealing Trojans this year was NASA's International Space Station. "In 2009, attackers will use more and more password stealing Trojans and these will be looking for e-mail account and Web site credentials," said Chenette.

"We will also see an increase in SQL injection attacks and greater use of targeted phishing attacks," Chenette added. These targeted phishing attacks will provide attackers the necessary credentials to alter a Web site's content and redirect unsuspecting users of some of the largest, most reputable and most trusted Web sites to their own sites.

The problem is difficult to solve because it involves user education, Chenette said. "Our research shows users aren't patching their operating systems, browsers or applications as quickly as they should," he explained. "There are multiple exploits out there which are over two years old and that are still highly successful."

Another problem is that many desktop antivirus vendors are still focusing on viruses and malware and not on Web exploits, Chenette said. Even then, they are losing out to the bad guys. "In many cases, security companies are trying to keep pace with the virus writers," he said.

"Users can protect themselves from malicious content, whether it's a Web exploit or a virus, by updating their desktop antiviruses, browsers and browser plugins."
Posted by at No comments:

Spyware News: Trojan Used To Increase Traffic

The latest Chinese dirty trick to lure users to a website is malware spam. To be more precise, we're talking about a Trojan, detected by Sophos as Troj/Agent-GYC.

It works as follows: first, the Trojan changes the default home page of the Internet Explorer browser and sets the site in question as the new one. Furthermore, the Trojan also downloads and installs and adware app known as Baidu Bar.

The malware has been designed to automatically open the website in question, thus boosting its traffic:

“Checking the web traffic usage for the domain in question shows an interesting trend. There is an obvious increase in traffic volume starting 2 weeks ago - hmm…could this be the result of start-page Trojans?,” reads the Sophos blog.

Some update your anti-malware software and try to restrict your web surfing to legitimate sites.

Posted by at No comments:

Spyware News: XSS vulnerabilities discovered in Facebook, closed quickly

Facebook has closed a number of cross-site scripting (XSS) vulnerabilities that left users open to phishing attacks and identity theft.

The vulnerabilities were reported Monday by XSS archival website, xssed.com. The vulnerable Facebook areas included the developer's page, new user's registration page, iPhone login page and the applications page. The vulnerabilities could have been exploited to infect users with malware, adware and spyware, according to xssed.com.

“We take security issues very seriously and these were closed within hours of receiving the reports,” Facebook spokesman Barry Schnitt said in an email. “There haven't been any reports of exploits.”

Researchers Zeitjak, David Wharton, Daimon and p3lo discovered the flaws and posted proof-of-concept code on the xssed website on Monday. Xssed.com security researcher, Dimitris Pagkalos, noted the vulnerabilities yesterday as being “highly critical”.

“The amount of time and effort required to fix an XSS vulnerability largely depends on the organization,” Jeremiah Grossman founder and CTO of WhiteHat Security, said in an email to SCMagazineUS.com Tuesday. “The more familiar they are with the issue, typically, the faster they are able to remediate.”

To protect themselves, users might consider installing the NoScript plugin and exercising additional caution when clicking on Facebook links from non-trusted sources, Grossman added.

XSS vulnerabilities are not new to social networking sites. In October 2005, a MySpace user unleashed an XSS worm called the Samy worm that allowed him to add one million users to his "friend's" list.

Facebook has not been without its share of other security issues. In one of the largest spam-settlements of its type, Facebook last month was awarded $873 million in damages against a junk mailer.

Also, since the summer, a worm called Koobface has been circulating on Facebook, spreading itself through users' friend lists. The virus installs a component that watches infected users' HTTP traffic with the intention of hijacking a user's internet search results.
Posted by at No comments:

Spyware News: Online Fraud Rampant in Tennessee, Virginia

A couple of months ago, a Twin City woman met a guy on an Internet dating service and a romance began.

Although there were only words between them, a certain trust developed. At least that’s what police think. What law enforcement officials know is that the woman went to her new love’s aid when he called from a foreign country in dire straits – and she lost $7,000.

“He told her he was in Africa, I think,” said the Bristol Virginia police officer. “He said he was giving a business proposal and his laptop died. He ended up
getting thousands.”

Her story is not unique. In fact, these scams are so prevalent nationwide that the FBI has labeled them romance fraud – and they are just one of a number of scams that annually rob people of millions of dollars, according to the FBI’s Internet Crime Complaint Center.

“E-mail scams are running rampant,” said Nicole Slagle, crime prevention coordinator at the Bristol Virginia Police Department. “I get them all the time.”

Last year in Virginia, 5,270 people reported complaints, ranking the state 11th nationwide in complaints per 100,000 residents, according to the FBI. In Tennessee, 3,147 complaints were filed, placing the state 31st in the rankings.

Variety of crimes

Other cyber scams and fraud, as categorized by the FBI, include: nondelivery of goods; check fraud; credit card fraud; confidence fraud; financial institutions fraud; identity theft; the Nigerian letter fraud; and threats.

And in 2007, those Internet crimes cost Americans a whopping $239 million – up $40 million from the year before, making it the fastest-growing crime worldwide, the FBI said.

What’s more, the holiday season is here and online commerce is booming. Backpacked to that boom, the FBI said, is a cyber scam surge.

“These cyber scammers will do whatever they can to steal your money and personal information this holiday season and are trying many different ways to commit these crimes,” Shawn Henry, assistant director of the FBI Cyber Crime Division, said in a written statement.

So the federal government is expanding efforts to spread the message to all citizens about their best defense: click with caution.

In 2003, the Internet Crime Complaint Center was named in a joint effort by the FBI and the National White Collar Crime Center to provide a place where people can report cyber crime and to broaden law enforcement’s ability to combat such crimes.

And since 2000, authorities on national, state and local levels have poured money into establishing task forces specifically to track and fight such crimes.
If you are hit, the FBI encourages you to file a complaint with the Internet Crime Complaint Center at http://www.ic3.gov.

Running rampant

Virginians lost $5.9 million dollars in Internet fraud last year, while Tennessee saw lower numbers, with a total 2007 loss of more than $3.4 million, the FBI’s Internet Crime Complaint Center states.

Nearly 40 percent of Virginia’s victims reported a loss between $100 and $999. Coming in at a close second were the 34 percent of victims reporting losses
somewhere between $1,000 and $9,999, according to the FBI.

And the Twin City is not immune. In recent months, Bristol Virginia Police Capt. Maynard Ratcliffe said several residents have reported being victimized by such scams. Over the past five years, he said, the number has climbed considerably.

Earlier this month, a Bristol Virginia man won an eBay auction when he bid about $2,500 on a rare baseball card, one officer recalled. But when his package arrived, the card wasn’t in it – and neither was his money.

“The guy who sold it said the card was there when he sent it. He even said he has witnesses that could back him up,” the officer said. “The guy here swears there was no card. It’s one guy’s word against another, and there’s not much you can do in that situation.”

Auction fraud, which includes the baseball card dispute, is Virginia’s – and the nation’s – most common cyber crime, constituting 37.2 percent of the online fraud statewide.

Because of the increase in cyber crime, and the difficulty law enforcement faces in prosecuting such cases, the Bristol Virginia Police Department has joined the FBI in stepping up efforts to educate folks on how to avoid them. They are offering educational forums at local senior centers and distributing informational pamphlets, among other programs.

E-mail embarrassment

On Dec. 9, Ratcliffe got yet another call from a resident complaining of e-mail fraud.

“I get a few people every month telling me this happened to them,” he said. “But a lot of people feel embarrassed when it happens… . They feel like they got had. So they don’t want to tell anyone.”

While Internet fraud hit a record high across the nation last year, perhaps the most alarming aspect is the method by which most of these cyber predators hunt: e-mail.

The FBI reports that a titanic 73.6 percent of folks who fell prey to online predation in 2007 did so by simply clicking a link sent to them in an e-mail.

“Anytime you get an e-mail from someone you don’t know, or an e-mail address you don’t recognize, be wary of opening it,” said Paul Bresson, a spokesman for the FBI. “Just the simple act of opening it can be harmful.”

Susceptible populations

Slagle said no one is impervious, but some groups are considered more vulnerable.

“Older people are particularly susceptible,” she said. “When they were growing up, there weren’t threats lurking in every corner. Computers are relatively new, and many of them want to reach out and help others. That’s why we think they’re more often targeted and victimized.”

Slagle said her department travels to area senior centers to educate residents about online safety. Recently, she said, an older man lost everything in cyber scams.

“He drained his bank account entirely,” she said. “Once someone becomes a victim, it can escalate from there. Word of mouth spreads that a particular person was scammed, and other scammers target them. It’s gotten to the point where people are getting death threats if they don’t comply.”

Bristol Virginia police Sgt. Milo Brunson said, “They might not even use the information they steal from you themselves; they get a credit card number, for example, then sell it to someone else in a chat room.”

Global marketplace

Ironically, it’s the Internet’s most appealing quality – its global reach– that makes it nearly impossible to police, Slagle said.

A Bristol, Va., resident taps his or her mouse as their cursor hovers over an infected link, and a criminal sitting thousands of miles away in a foreign country can suddenly access personal information on their computer.

“If the perpetrator is local, the department can get on it quickly,” Slagle said. “But if the scam originates overseas, it’s next to impossible to catch the guy.”

So the best offense is defense, and by following a few guidelines and with a quick trip to an area store, online shoppers can adequately protect themselves, Ratcliffe said.

Home protection

Shawn Miller owns Computer Pros, a Lee Highway store he opened in 2003.

“The most common thing we do here is remove viruses. We do it several times a day,” Miller said. “All the time, I have people come in here and say they got a free anti-virus program off the Internet, and it’s infected.”

The scam Miller encounters most often originates in free downloads offering anti-virus programs, he said. The scam works by offering the free service, and after folks download it – usually just by clicking the link – it doesn’t work. Then, after folks get increasingly frustrated with the nonworking program and they can’t get rid of it, they comply with the company’s request for a fee to initiate service.

After they pay, Miller said, it still doesn’t work.

His advice: “The biggest thing would be to have a good anti-virus program – and don’t download one off the Internet for free.”

Firewalls are another option. But Miller has reservations.

“Firewalls are highly overrated,” he said. “They are supposed to keep hackers out of your computer, but it’s not as serious a problem as people think.”
More serious are the viruses, and downloading unfamiliar software.

Miller recommends the Norton anti-virus program, which costs about $40 and can be bought at most computer retailers. New computers, he said, often come with a free 30-day trial of anti-virus software, but people often don’t realize when the month ends that they need to buy the program themselves.
Plus, he said, it’s important to keep up with Windows updates.

Bresson, with the FBI, said the best rule to follow is: “If it seems too good to be true, it probably is.”

Posted by at No comments:

Spyware News: Stop Using Internet Explorer Now (MSFT)

A security vulnerability in Microsoft's browser Internet Explorer allows bad guys to take over user computers and direct them to unsafe Web sites, the company admitted today.

Microsoft says users can take four steps -- outlined below -to avoid falling prey to the vulnerability. But some security experts told the UK's Times that users are better off simply switching to Google Chrome of Firefox.

Microsoft’s advice for Internet Explorer users

1. Keep your anti-virus up-to-date. Microsoft has circulated the definitions of these vulnerabilities to all the major anti-virus providers.

2. Reset Internet Explorer to run in protected mode. This is the default mode in Windows Vista but not XP or the earlier versions.

3. Set zone security to high.

4. Ensure Windows is updated. You can do this manually through Windows updater or set it to automatic updates.

Posted by at No comments:

Spyware News: AVG 8.0 Protects Against Dangerous Internet Explorer Vulnerability

AMSTERDAM, Netherlands, Dec 16, 2008 /PRNewswire via COMTEX/ -- Security software from AVG effectively blocks attempts by cyber criminals seeking to capitalize on the recently discovered vulnerability in Microsoft's Internet Explorer web browser. The vulnerability enables unauthorized third parties to take control of users' PCs by tricking them into visiting poisoned web pages.
AVG, the global anti-virus and Internet security software provider with over 80 million users in 167 countries, today assured computer users that its commercial AVG 8.0 security software products have provided protection against this vulnerability since December 11th. AVG estimates that its software has already blocked close to 5,000 attacks against 3,000 users since Microsoft announced the flaw.
Computer users can immediately safeguard their systems by downloading a trial version of AVG software at http://www.avg.com.
"Today, the fastest growing dangers on the Internet are fast-moving, transient threats that appear on one or more web sites temporarily, from a few weeks to just a few seconds," noted J.R. Smith, CEO of AVG Technologies. "Because they're so fleeting, these threats are easily missed by typical built-in browser security measures, and require the real-time detection capabilities of technology like LinkScanner, which tracks the spread of specifically these types of threat and blocks them before they can endanger users' valuable information."
According to Roger Thompson, AVG's Chief Research Officer and original developer of the LinkScanner technology, the likely perpetrators of this particular IE vulnerability exploit are the same people who have been stealing World of Warcraft passwords from users for the past couple of years.
AVG software provides the most timely, precise and reliable safe searching and surfing protection by analyzing web pages at the only time it matters -- when the user is about to visit them. AVG offers the security software industry's only real-time web exploit detection and prevention, using proprietary behavioral analysis and other breakthrough technologies to protect personal information and defend against unwanted intrusions while users are on the web.
About AVG Technologies
AVG is a global security solutions leader protecting more than 80 million consumers and small business computer users in 167 countries from the ever- growing incidence of web threats, viruses, spam, cyber-scams and hackers on the Internet. Headquartered in Amsterdam, AVG has nearly two decades of experience in combating cyber crime and one of the most advanced laboratories for detecting, pre-empting and combating Web-borne threats from around the world. Its free online, downloadable software model allows entry-level users to gain basic anti-virus protection and then to easily and inexpensively upgrade to greater levels of safety and defense in both single and multi-user environments. Nearly 6,000 resellers, partners and distributors team with AVG globally including Amazon.com, CNET, Cisco, Ingram Micro, Play.com, Wal-Mart, and Yahoo!. More information is available at http://www.avg.com.
SOURCE AVG Technologies
Posted by at No comments:
Subscribe to: Posts (Atom)