• Gesamte Community
    • Gesamte Community
    • Foren
    • Ideen
    • Blogs
Erweitert
Danksagungen1 Stats

Cybercrime News: Conficker is Spamming, Weak Economy Drives Crime, Why We Click on Spam and More

There's evidence that the Conficker botnet (oh, did you really think they distributed those millions of bots without a plan to monetize them?) is now being used on a "for hire" basis. A story from the UK referencing a new report from Cisco, states that malware called Waledec is being distributed via Conficker's millions of infected computers. Waledec uses your system to send out spam and spread itself to other computers. Before you pull your hair out in frustration, just make sure you've got an up-to-date copy of Norton Internet Security or another comprehensive security product on your computers. Check your kid's computers including any new netbooks you've received and scan your USB or thumb drives for signs of infection.

Will the poor economic times turn IT professionals to cybercrime? It stands to reason as national unemployment rates soar above 9% this summer that people are tempted by opportunities they might normally reject. Witness the increase in "work at home" scams. That's one type of cybercrime to be on the watch for. Here's a helpful article from the Better Business Bureau with details on the typical ads you see online and why "work at home" opportunities almost never are real.

More typical is the idea that if someone's talents are not utilized by legitimate business, they will be compelled into whatever is available. This story (also stemming from Cisco's Cybercrime report) contains specific examples of individuals who turned to cybercrime simply to pay the bills.

Last week, Symantec held a panel with law enforcement officials to discuss the current state of Cybercrime. I was most interested to hear that in Nigerian neighborhoods, the cybercriminals are living in palatial homes and earn many thousands of US dollars a week from sending us spam and phishing attacks. The locals make an average of $3,000 annually, so it's not surprising that in these communities, the local cybercriminal is a respected and admired person.

What drives spam (currently over 90% of the world's email) is simply that people actually do click on the links and respond to the offers. If everyone stopped responding in some fashion, the criminals would move on to other opportunities. A recent Message Labs study tried to understand what we could do to minimize our risk of receiving spam. The researchers found that typing your email address with the @ symbol in an online page's comments increased your risk of getting spam dramatically. A simple fix? Use "at" to replace the "@".

So why do we click? Another new study says 30% of the time it was confusion ("made a mistake"/"don't know"). Another large reason is to reply to the spam ("stop sending me this" requests, I would imagine.) Never respond to the spam sender if only because that confirms yours is a valid email address. 12% of those who click on spam want the service or product and another 6% just want to see "what would happen." Ugh.

It's going to take a team effort, folks, to get cybercrime in hand. A few reminders:

  1. Using security software is not optional. Would those who take the risk to run an online computer without protection drive their cars without brakes and insurance? Given that today's cybercriminal can destroy your financial life, you shouldn't risk giving them that opportunity.
  2. Don't take candy from strangers. There's no such thing as a free lunch. There's a sucker born every day. You get the idea. It pays to be cynical when you go online. Don't click links in your email unless you are 100% confident you know the sender and the link is legitimate.
  3. If you are looking for job opportunities, use appropriate resources to find job leads. Some newer options include sites like UnitedWeWork.org which combines job listings from a number of Fortune 500 employers. And there are the longtime resources such as CareerBuilder and Monster (where I found my position at Symantec way back when.)

Kommentare

Danksagungen0

There's evidence that the Conficker botnet (oh, did you really think they distributed those millions of bots without a plan to monetize them?) is now being used on a "for hire" basis. A story from the UK referencing a new report from Cisco, states that malware called Waledec is being distributed via Conficker's millions of infected computers. Waledec uses your system to send out spam and spread itself to other computers. Before you pull your hair out in frustration, just make sure you've got an up-to-date copy of Norton Internet Security or another comprehensive security product on your computers. Check your kid's computers including any new netbooks you've received and scan your USB or thumb drives for signs of infection.

Will the poor economic times turn IT professionals to cybercrime? It stands to reason as national unemployment rates soar above 9% this summer that people are tempted by opportunities they might normally reject. Witness the increase in "work at home" scams. That's one type of cybercrime to be on the watch for. Here's a helpful article from the Better Business Bureau with details on the typical ads you see online and why "work at home" opportunities almost never are real.

More typical is the idea that if someone's talents are not utilized by legitimate business, they will be compelled into whatever is available. This story (also stemming from Cisco's Cybercrime report) contains specific examples of individuals who turned to cybercrime simply to pay the bills.

Last week, Symantec held a panel with law enforcement officials to discuss the current state of Cybercrime. I was most interested to hear that in Nigerian neighborhoods, the cybercriminals are living in palatial homes and earn many thousands of US dollars a week from sending us spam and phishing attacks. The locals make an average of $3,000 annually, so it's not surprising that in these communities, the local cybercriminal is a respected and admired person.

What drives spam (currently over 90% of the world's email) is simply that people actually do click on the links and respond to the offers. If everyone stopped responding in some fashion, the criminals would move on to other opportunities. A recent Message Labs study tried to understand what we could do to minimize our risk of receiving spam. The researchers found that typing your email address with the @ symbol in an online page's comments increased your risk of getting spam dramatically. A simple fix? Use "at" to replace the "@".

So why do we click? Another new study says 30% of the time it was confusion ("made a mistake"/"don't know"). Another large reason is to reply to the spam ("stop sending me this" requests, I would imagine.) Never respond to the spam sender if only because that confirms yours is a valid email address. 12% of those who click on spam want the service or product and another 6% just want to see "what would happen." Ugh.

It's going to take a team effort, folks, to get cybercrime in hand. A few reminders:

  1. Using security software is not optional. Would those who take the risk to run an online computer without protection drive their cars without brakes and insurance? Given that today's cybercriminal can destroy your financial life, you shouldn't risk giving them that opportunity.
  2. Don't take candy from strangers. There's no such thing as a free lunch. There's a sucker born every day. You get the idea. It pays to be cynical when you go online. Don't click links in your email unless you are 100% confident you know the sender and the link is legitimate.
  3. If you are looking for job opportunities, use appropriate resources to find job leads. Some newer options include sites like UnitedWeWork.org which combines job listings from a number of Fortune 500 employers. And there are the longtime resources such as CareerBuilder and Monster (where I found my position at Symantec way back when.)
Danksagungen0
The article is interesting and contains some valid points but users are unlikely to change "bad habits" when using their PCs. That fact is a comfort to the cyber criminals who constantly manage to fool "intelligent" users with very simple scams.
We look forward to the time when the Power of Love will replace the Love of Power. Then will our world know the blessings of peace. ~William Ewart Gladstone
Danksagungen0

"Further, the survey found that 80 percent of users questioned doubted their computers were ever at risk of being infected with a 'bot' that can send spam and create other problems without the user knowing it."

Come on people; it's time to wake up and smell the cheese!  That sentence is un-believable that people can think like that; so much for them being "Security aware" - well, at least most of them did Install Security Software, but I wonder how many people actually kept it up-to-date...

_________________________________________________

Hi, Marian,

Interesting Blog; thanks for Posting!

Thursday, November 21, 2013: The THREATCON was changed to Level 1: Normal | Tue., Nov. 05, 2013: Zero-Day Vulnerability: Microsoft Security Advisory 2896666 | Saturday, November 09, 2013: Cyber-Criminals Serve Up A Veritable Smorgasbord Of Threats For South Koreans | Wednesday, October 09, 2013: New Internet Explorer Zero-Day Targeted In Attacks Against Korea And Japan [C.V.E.-2013-3897]