Cybercrime News: Conficker is Spamming, Weak Economy Drives Crime, Why We Click on Spam and More
There's evidence that the Conficker botnet (oh, did you really think they distributed those millions of bots without a plan to monetize them?) is now being used on a "for hire" basis. A story from the UK referencing a new report from Cisco, states that malware called Waledec is being distributed via Conficker's millions of infected computers. Waledec uses your system to send out spam and spread itself to other computers. Before you pull your hair out in frustration, just make sure you've got an up-to-date copy of Norton Internet Security or another comprehensive security product on your computers. Check your kid's computers including any new netbooks you've received and scan your USB or thumb drives for signs of infection.
Will the poor economic times turn IT professionals to cybercrime? It stands to reason as national unemployment rates soar above 9% this summer that people are tempted by opportunities they might normally reject. Witness the increase in "work at home" scams. That's one type of cybercrime to be on the watch for. Here's a helpful article from the Better Business Bureau with details on the typical ads you see online and why "work at home" opportunities almost never are real.
More typical is the idea that if someone's talents are not utilized by legitimate business, they will be compelled into whatever is available. This story (also stemming from Cisco's Cybercrime report) contains specific examples of individuals who turned to cybercrime simply to pay the bills.
Last week, Symantec held a panel with law enforcement officials to discuss the current state of Cybercrime. I was most interested to hear that in Nigerian neighborhoods, the cybercriminals are living in palatial homes and earn many thousands of US dollars a week from sending us spam and phishing attacks. The locals make an average of $3,000 annually, so it's not surprising that in these communities, the local cybercriminal is a respected and admired person.
What drives spam (currently over 90% of the world's email) is simply that people actually do click on the links and respond to the offers. If everyone stopped responding in some fashion, the criminals would move on to other opportunities. A recent Message Labs study tried to understand what we could do to minimize our risk of receiving spam. The researchers found that typing your email address with the @ symbol in an online page's comments increased your risk of getting spam dramatically. A simple fix? Use "at" to replace the "@".
So why do we click? Another new study says 30% of the time it was confusion ("made a mistake"/"don't know"). Another large reason is to reply to the spam ("stop sending me this" requests, I would imagine.) Never respond to the spam sender if only because that confirms yours is a valid email address. 12% of those who click on spam want the service or product and another 6% just want to see "what would happen." Ugh.
It's going to take a team effort, folks, to get cybercrime in hand. A few reminders:
- Using security software is not optional. Would those who take the risk to run an online computer without protection drive their cars without brakes and insurance? Given that today's cybercriminal can destroy your financial life, you shouldn't risk giving them that opportunity.
- Don't take candy from strangers. There's no such thing as a free lunch. There's a sucker born every day. You get the idea. It pays to be cynical when you go online. Don't click links in your email unless you are 100% confident you know the sender and the link is legitimate.
- If you are looking for job opportunities, use appropriate resources to find job leads. Some newer options include sites like UnitedWeWork.org which combines job listings from a number of Fortune 500 employers. And there are the longtime resources such as CareerBuilder and Monster (where I found my position at Symantec way back when.)