Spam Down but “Zombie” Armies Growing: McAfee

10 05 2009

 




San Francisco (AFP) May 6, 2009
Hackers appear to be beefing up armies of “zombie” computers to recover from a major hit scored in the battle against spam email, according to software security firm McAfee.

A McAfee report said that during the first three months of this year, nearly 12 million new computers were added to the ranks of machines infected with “malware” that lets cybercriminals use them to spew spam.

The ominous news came with word that the amount of spam dropped 20 percent during the same period, evidently as a result of the elimination of a “McColo” spam-generating operation late last year.

The rate of spam email dropped from an average 153 billion daily last year to 100 billion a day in March, according to the McAfee report released Tuesday.

“Seems the bad guys are attempting to recover from last November’s takedown of a central spam-hosting ISP by rebuilding their army,” researchers said in a McAfee Threats Report for the first quarter of 2009.

The United States unseated China as the country with the most “botnet-infected” computers, accounting for 18 percent of the world’s “zombie machines” as compared with China’s 13.4 percent, according to McAfee.

Australia “rocketed” to third place on the list with 6.3 percent of the world’s zombie computers after not even making it into the Top 10 list at the end of last year.

“The Land Down Under is proving to be fertile ground for zombie recruiting,” McAfee researchers wrote.

Despite the international nature of botnets, spammers seem to prefer sending the unwanted email from the United States, which McAfee said was the source of 35 percent of the messages as compared to 7.3 percent from second-place Brazil.

Cybercriminals are also increasingly rigging legitimate websites to sneak viruses onto visitors’ computers, according to McAfee.

Threat researchers reported discovering in March more than 800 new versions of a Koobface virus tailored to attack users of hot social-networking website Facebook.

“Servers hosting legitimate content have increased in popularity with malware writers as a means for distributing malicious and illegal content,” McAfee reported.

Cybercrooks have “deeply compromised” computers at key Russian and Eastern European corporations and government agencies, according to McAfee.

“The Internet knows no geographical boundaries,” researchers said in the report. “It is now apparent that cybercriminals will attack any target of opportunity they can find.”

Spam levels are the lowest the world has seen in two years, but are expected to rise.

“The question is not whether spam will return to previous levels, but rather when it will return,” McAfee said. “There is data regarding new zombie and botnet creation that suggest the time may not be too far in the future.”

 by Staff Writers





Conficker worm dabbling with mischief

5 05 2009

 

The Conficker worm’s creators are evidently toying with ways to put the pervasive computer virus to work firing off spam or spreading rogue anti-virus applications called “scareware.”

An April update sent to a tiny percentage of infected computers had the machines retrieve components of notorious Storm and Waledac worms unleashed in past years to create armies of “botnets” — automated crime networks — for spreading spam or scareware.

“It looks like these guys are perhaps testing the waters to see which one of those would be a better money-maker for them,” Trend Micro advanced threats researcher Paul Ferguson said Monday of Conficker’s masters.

“We have always suspected that the people behind this would not sit idly by without trying to make money off this somehow. Spamming and rogue anti-virus are pretty lucrative for these guys.”

Ties to components of Storm and Waledac signal that Conficker’s creators were likely involved with the other computer worms, according to security specialists.

“This connects the dots that the same people behind Conficker are the people behind Waledac and Storm,” Ferguson said, noting that evidence is pointing to an organized hacker enterprise in the Ukraine.

“These are well-funded organized cyber-criminals in Eastern Europe. They want to steal people’s money out of their pockets without being noticed. This same criminal operation is very business savvy.”

Hackers are increasingly hiding viruses in bogus computer security software to trick people into installing treacherous programs on machines, Microsoft warned earlier this month.

Rogue security software referred to as “scareware” pretends to check computers for viruses, and then claims to find dangerous infections that the program will fix for a fee.

“The rogue software lures them into paying for protection that, unknown to them, is actually malware offering little or no real protection, and is often designed to steal personal information,” Microsoft said.

Hackers have been capitalizing on hype and fear surrounding Conficker to trick people into loading scareware onto computers.

A task force assembled by Microsoft has been working to stamp out Conficker, also referred to as DownAdUp, and the software colossus has placed a bounty of 250,000 dollars on the heads of those responsible for the threat.

The worm, a self-replicating program, takes advantage of networks or computers that haven’t kept up to date with security patches for Windows.

It can infect machines from the Internet or by hiding on USB memory sticks carrying data from one computer to another.

Conficker could be triggered to steal data or turn control of infected computers over to hackers amassing “zombie” machines into “botnet” armies.

Ferguson believes Conficker’s creators are out for cash, not wanton destruction, but that the worm’s spread is a sobering reminder that botnets could be turned against Internet-linked parts of national infrastructures.

“How do you rationalize connecting critical networks to the Internet when those kinds of attacks are possible?” Ferguson asked rhetorically.

“We used to joke that the only guarantee for 100 percent security is a pair of wire cutters.”

by Staff Writers
San Francisco (AFP) April 28, 2009





SKorea and US forge deal to fight cyber attacks

5 05 2009

 


Austrian breakthrough in quantum cryptography: report
Austrian physicists say a breakthrough in next-generation quantum cryptography could allow encrypted messages to be bounced off satellites, the British journal Nature reported Sunday. A team from Austria’s Institute for Quantum Optics and Quantum Information (IQOQI) managed to send entangled photons 144 kilometres (90 miles) between the Spanish islands of Las Palmas and the Balearics. Because of the success of the test, the IQOQI team said it was now feasible to send this kind of unbreakable encrypted communication through space using satellites. Quantum cryptography works by sending streams of light particles, or photons, making it entirely secure, as any eavesdropping would leave traces and immediately be detected. In quantum cryptography, photons are used as the key for the encrypted communication — just as mathematical formulas are used in conventional cryptography.

South Korea and the United States have agreed to cooperate in fighting cyber attacks against their defence networks from countries including China and North Korea, officials said Monday.

The April 30 deal calls for an exchange of information on detecting and fighting cyber attacks against information systems used by the militaries of the two allies, the defence ministry said.

At least once a year the two countries will hold a conference on joint readiness against computer hacking, it said.

“The deal covers cyber attacks in general, including those from North Korea and China,” a ministry official told AFP on condition of anonymity.

Last year Prime Minister Han Seung-Soo warned his cabinet against what he called attempts by Chinese and North Korean computer hackers to obtain state secrets.

In 2004 hackers based in China used information-stealing viruses to break into the computer systems of Seoul government agencies.

Im Jong-In, a cyber expert at Korea University, said South Korea — one of the world’s most wired societies — needed an integrated unit to fight cyber attacks by North Korea.

He told Monday’s Munhwa Ilbo newspaper that the North appeared to have hacked South Korean government computer systems through servers in China.

by Staff Writers
Seoul (AFP) May 4, 2009





China Insists It Does Not Hack into US Computers

25 04 2009

Cyber crooks hot on heels of computer users: Cisco chief
Cisco chief executive John Chambers said Wednesday that computer defenders are mere steps ahead of cyber crooks and that security must be built into all aspects of networks. “We are just staying ahead of the bad guys; one step at a time,” Chambers said during a rapid-fire presentation at a major computer security conference in San Francisco. “There aren’t many companies or governments that haven’t been hacked in the past year.” Lines between home and work lives are blurring, meaning people will increasingly use smart phones, laptop computers and other portable devices outside the control and protection of business settings, Chambers said. A growing trend towards “cloud computing,” in which programs are hosted online as services instead of being installed on business networks, means that more sensitive data will be bounced about the Internet. As businesses resort to holding virtual meetings online to save time and money they run risks of competitors or enemies snooping, according to Chambers. “I think you can have innovation and security co-exist, but you have to do it architecturally,” he said. “How do you stay ahead of crime figures, crime syndicates and pernicious states? The answer is you don’t without a secure infrastructure.” Cisco specializes in switches and routers for computer networks. “Technology to protect from attacks has to be automated,” Chambers said. “If it requires human intervention, it is too late. It’s the architectural play that is the future.”

China insisted on Thursday it was opposed to Internet crimes, following a US media report that said Chinese hackers may have been behind a cyber attack on computers linked to a new US fighter jet.

“Some people keep making up stories, I don’t know what their intentions are,” foreign ministry spokeswoman Jiang Yu said.

“We resolutely oppose and crack down on cyber crimes, including hacking.”

Jiang was commenting on a Wall Street Journal report that computer spies hacked into the Pentagon’s 300-billion-dollar Joint Strike Fighter project.

The newspaper cited unnamed former US officials as saying the attack appeared to have originated in China, which the Pentagon says has put a priority on bolstering its cyber-warfare capability.

Hackers may have attacked computer networks at contractors helping to build the new fighter jet, also known as the F-35, the paper said.

Despite the computer break-in, a Defence Department official said sensitive technology for the Joint Strike Fighter aircraft had not been compromised.

The Wall Street Journal report was the latest in a series of accusations emanating from the United States recently that have warned of an escalating Chinese cyber hacking threat. China has denied all such reports.

earlier related report
US cyberspace head says security needs team effort
The leader of a major US government review of cyber security told computer defense professionals on Wednesday that protecting the country online would require their efforts.

A 60-day review of the US communications and information infrastructure identifies 250 “needs, tasks, and recommendations,” said Melissa Hathaway, the acting head of cyberspace for the US national and homeland security councils.

The report on the country’s communications and information infrastructure was completed on April 17 and is now on President Barack Obama’s desk for review.

“When the report is made public you will see there is a lot of work for us to do together,” Hathaway told an audience of computer security experts in San Francisco.

“Cyberspace will not be secured overnight on the basis of one plan. As they say, this is a marathon not a sprint.”

Hathaway said the findings of the report will not be discussed publicly until after they are reviewed by Obama and his administration.

She playfully likened the task of evaluating US cyber security needs in 60 days to a seemingly overwhelming assignment meted out at the start of a popular classic television show “Mission Impossible.”

The theme music from the show played as she began her presentation.

“The days have been long and the task has been hard, hence the ‘Mission Impossible’,” Hathaway quipped.

“Sixty days included Saturdays and Sundays. I had to watch it as a pep talk to get through the last 48 hours.”

Hathaway said the US is at “a crossroads” with cyberspace underpinning promise and perils.

“I stand before you today with no less than three BlackBerries and a pager, one of which is going to self-destruct by the end of this speech,” Hathaway said, playing off a trademark gimmick in “Mission Impossible.”

Hathaway said “a growing array of state and non-state actors” are out to compromise or steal information online.

“We have witnessed countless intrusions,” Hathaway said. “They even have the ability to damage portions of our infrastructure.”

Hathaway conceded that it could be fair to contend the US government is not organized properly to foster the collaboration and sharing needed for cyber security.

No single government agency should oversee cyber defenses and the US needs to work with other nations as well as computer specialists in the private sector, Hathaway said.

Her remarks came a day after National Security Agency director Lieutenant General Keith Alexander said that his agency does “not want to run cyber security for the US government.”

Alexander said the NSA should focus on cyber defenses for the US military while the Department of Homeland Security ensures Internet safety for civilians.

“No single agency has a broad enough perspective to match the sweep of the challenges,” Hathaway said.

“It requires leading from the top. Information is key to detecting, preventing and responding to cyber incidents. This requires developing partnerships.”

by Staff Writers
Beijing (AFP) April 23, 2009





Is Korea Turning Into Internet Police State?

18 04 2009

The year is shaping up to be a dismal one for Internet companies, doubly battered by the economic blues and a heavy-handed government looking at more ways to monitor the Web and avoid a second beef crisis.
 
And now, with ruling party lawmakers looking to rewrite communication privacy law and allow authorities further power to observe and track Web browsing habits, frustrated Internet companies are finally showing some collective backbone against the growing regulatory pressure.
 
K-Internet, an industry lobby of 150 Internet companies, including NHN, the operator of Naver (www.naver.com), Daum (www.daum.net), Google Korea (www.google.co.kr) and Yahoo! Korea (www.yahoo.co.kr), issued a statement denouncing the controversial bill backed by the Grand National Party (GNP).
 
According to the draft, the National Intelligence Service (NIS), the country’s spy agency, gets expanded surveillance power that allows real-time interception of mobile phone and Internet communication, compared to current law that limits monitoring to fixed-line telephone calls.
 
All communication operators, including telephony carriers and Internet companies, will be required to operate surveillance equipment and save call recordings and log-on records of their users.
 
The bill also enables law enforcement authorities to collect and monitor location-based information, or Global Positioning System (GPS) records, of civilians. Considering that GPS capabilities are increasingly included in the latest mobile phones and portable Internet devices, a fast-growing number of people would be susceptible to investigators tracking their real-time movements.
 
The GNP, which claims that strengthened law is needed to combat high-tech crimes and potential terrorist activities, plans to pass the bill through the National Assembly this month.
 
Internet companies claim that the suggested provisions could threaten to curtail Internet freedom and are likely to negatively affect their business by bumping up costs and curbing Web activity.
 
Obviously, a world where the government enjoys extensive freedom to peek into e-mail, chats, voice over Internet protocol (VoIP) calls and any other Web-based communication doesn’t exactly inspire confidence for a vibrant Internet culture.
 
“The content of the bill suggested by Rep. Lee Sung-han seems to be focused excessively on improving the ‘efficiency’ of investigations and less on protecting communication freedoms and limiting threats to privacy, posing a serious threat to the fundamental rights of citizens, limiting the business of communications operators and needlessly increasing social costs,” said the K-Internet statement.
 
‘No Fun in Joking About China Anymore’
 
Should the GNP bill survive the National Assembly, the adjusted privacy law will become the latest measure by the Lee Myung-bak government to impose rules on Internet users.
 
Starting this month, the government is forcing real-name verifications on all Web sites with at least 100,000 users per day.
 
And last week, the National Assembly passed an anti-file-sharing provision that allows regulators to shut down Web sites after their third warning over copyright infringement and cut off Internet access of users accused of sharing copyrighted files, with or without complaints from copyright holders.
 
Due to the loose definition of copyrighted content, which not only includes movies and television shows but also news articles and even blog posts, Internet companies are concerned that the bulked-up copyright law could be abused for political reasons.
 
“I guess the government’s talk about being ‘business-friendly’ doesn’t include Internet companies,” said an employee from a major Internet company who didn’t want to be named.
 
“And when they say that we should keep all log-on records and fully monitor the copyright violations for the millions of files that come up every day, you have to wonder whether they know what they’re talking about. There is no possible way we can afford the cost.”
 
Repeatedly kicked in the teeth by bloggers, first for the controversial decision to resume U.S. beef imports and then for ineptitude in economic policies, beleaguered government officials have been attempting to keep a closer watch on Internet users. As a result, Korea has now become one of the first democracies to aggressively use the law to hold Internet users and Web sites to account.
 
The watershed moment came in January when police arrested Park Dae-sung, a blogger known more widely as “Minerva” and a frequent critic of the government’s economic policies, on charges of “deliberately” undermining public interest by distributing fraudulent information.
 
“Maybe the Lee Myung-bak government is trying to lay the foundation for reunification, as Seoul and Pyongyang have never been so close politically and economically,” another deadpan industry insider said.
 
“There is no fun in joking about Pakistan and China anymore, when our own government seems to have a similar approach to Internet users.”
 
By Kim Tong-hyung
Staff Reporter
thkim@koreatimes.co.kr