Photo: Paul Wood, Symantec

Symantec recently released the results of its October intelligence report. The report found that spammers have established a genuine URL shortening service that is publicly available and will generate real shortened links. This was all found in spam emails.

About 92 percent of the spam emails contained the URLs and the use of the shortened links make it difficult to block the messages based on fingerprinting the URL. In total, 80 URL shortening sites have been operating and using a similar naming pattern.

“It is possible that spammers are setting up their own URL shortening sites since legitimate URL shortening sites, which have long suffered with abuse, have slightly improved their detection of spam and other malicious URLs,” said Paul Wood, senior intelligence analyst at Symantec.

“It’s not fully clear why the sites are public. Perhaps this is simply due to laziness on the spammers’ part, or perhaps an attempt to make the site seem more legitimate,” he added.

The report also highlighted the trend of a decease in malicious activity as compared to the year before. The ratio of spam in email traffic decreased 0.6 percentage points while phishing email activity diminished by 0.07 percent.

Email-borne viruses in email traffic decreased 0.11 percent and web-based malware threats decreased 4.3 percent.

For the fifth consecutive year, McAfee researched popular culture’s most famous people revealing the riskiest celebrities on the Web. The McAfee Most Dangerous Celebrities study found movie stars and models to be more dangerous while singers and sports stars are among the safest. Heidi Klum replaced Cameron Diaz as most dangerous celebrity to search for on the web.

According to McAfee, cybercriminals will frequently use names of popular celebrities in order to lure users to sites interlaced with malicious software. Searching for the latest Heidi Klum pictures and downloads has a nine percent change of landing on a website containing spyware, spam, phishing, adware, viruses and other malware.

“While slightly safer than last year, searching for top celebrities continues to generate risky results,” said Paula Greve, director of Web security research at McAfee. “Consumers should be particularly aware of malicious content hiding in ‘tiny’ places like shortened URLs that can spread virally in social networking sites, or through e-mails and text messages from friends.”

The study makes use of McAfee SiteAdvisor software that provides ratings indicating which sites are risky to search for celebrity names on the Web and calculate an overall risk percentage. Other celebrities making the top ten include Piers Morgan, Jessica Biel and Katherine Heigl.

The report combines results from the Symantec.cloud MessageLabs Intelligence Report and the Symantec State of Spam & Phishing Report. 

According to Symantec, the turbulent market drives “pump-and-dump” stock scams. Spammers cause an artificial rise in stock price and sell their shares. Ending the campaign reduces interest in stock and drives stock back to original low price.

“Scammers can make substantial profits in a matter of days with a well-executed pump-and-dump spam. In the current turbulent environment many people may be convinced to invest in stocks that the scammers claim will benefit from the market turbulence,” said Paul Wood, senior intelligence analyst, Symantec.cloud.

Additional analysis revealed that there were as many new boot time malware threats in the first seven months of 2011 as there were in the previous three years.  

“MBR infections offer great scope for deep infection and control of computers, which makes the idea attractive to malware creators. Contemporary MBR infection methods are a fairly complex affair usually executed by highly skilled individuals,” Wood said

In August 2011, the global ratio of spam in email traffic declined to 75.9 percent. However, phishing activity increased in August. Many increases are coming from attacks related to major brand names related to Apple’s iDisk as well as a variety of Brazilian companies and services, including financial brand names and social networking.

According to IC3, the email alerts the recipient that two “trunk boxes” containing large sums of money were intercepted at an international airport and that the funds are allegedly from Nigeria’s Office of the Ministry of Finance.

“The boxes contain documents bearing the recipient’s name as the owner of the funds,” stated IC3. “The fraudsters advise an additional document called the ‘Diplomatic Immunity Seal of Delivery’ is needed to protect the recipient from violating the Patriot Act.”

The email then prompts the recipients to contact the spammers for instructions on how to obtain the document and then warns them of the consequences should they fail to comply. They also inform the FBI officials not to contact any bank in Africa or any other institution.

IC3 warns that officials should not respond to these hoax emails and to report any further incidents.

Analysis of 25 million spam messages by Internet security solutions provider BitDefender revealed that cyber crooks most commonly use Jay Leno, Madonna and Cameron Diaz to spread spam. Barack Obama and Stephen King also make the dubious honor of placing in the top 10.

Other celebrities mentioned, but ranking outside the top 10, include David Beckham, Tiger Woods, Miley Cyrus, Meryl Streep and Kanye West. Personalities such as Oprah Winfrey, Justin Bieber and Angelina Jolie, who were previously used in spamming attacks, are absent from current criminal campaigns, Bitdefender noted.

Cyber crooks also exploited the news announcing the death of terrorist leader Osama bin Laden to send spam and phishing emails purporting from federal agencies. Recipients were asked to disclose their home address, banking information and other sensitive data that would allegedly clear them of accusations of terrorism.

Research conducted by Cisco earlier this month indicated that cyber crime had become less fruitful compared to previous years. Security researcher Pat Peterson said spam had decreased from about 300 billion messages daily a year ago to nearly 40 billion per day over the past few months.

Although the hackers were able to access to certain user information on Washington Post Jobs, passwords and personal information such as resumes or contact information were not compromised, according to an email the news organization sent to its users.

Neither washingtonpost.com nor any Washington Post systems were affected by the breach.

The Post warned users to beware of unsolicited emails that may ask for personal information, and to avoid opening suspicious or unsolicited emails or click any links in spam.

Speaking yesterday at a press event at in San Bruno, Calif., security researcher Pat Peterson said last year saw a turning point in the fight against mass scams and criminal profits from these illicit activities are expected to continue dropping, according to Computerworld.

Cisco estimates that mass attackers will rake in about $300 million in profits this year — a significant difference from the $1 billion or so Cisco thinks the criminals made each year in 2009 and 2010.

Peterson attributed the decrease in profit to two factors:  Beefed-up law enforcement efforts and the disruption of botnets such as Conficker and Rustock.

Spam has declined accordingly, from about 300 billion messages daily a year ago to nearly 40 billion per day over the past few months. This phenomenon is “something that we don’t see very often,” Peterson said.

But as spam is decreasing, Peterson said he believes targeted attacks such as spear phishing are rising. Targeted attacks has tripled over the past year and they are now costing organizations about $1.3 billion each year, Cisco said.

The Symantec May 2011 MessageLabs Intelligence Report reveals that in a bait-and-switch ruse, scammers supply legitimate shortened URLs in spam messages that direct unwitting targets to fake URL-shortening websites and, eventually, to the fraudster’s website.

“MessageLabs Intelligence has been monitoring the way that spammers abuse URL-shortening services for a number of years using a variety of different techniques, so it was only a matter of time before a new technique appeared,” said Paul Wood, MessageLabs Intelligence senior analyst. “What is unique about the new URL-shortening sites is that the spammers are treating them as ‘stepping stones’ – a link between public URL-shortening services and the spammers’ own sites.”

Spammers register these new domains several months before using them, possibly to avoid getting detected by legitimate URL-shortening services as the age of the domain may be used as an indicator of legitimacy.

In addition to URL-shortening scams, the report also breaks down spam impact globally, pinpointing Russia as the most spammed nation in May. In the Netherlands, spam accounted for 77.5 percent of email traffic, in Germany 75.5 percent, 75.1 percent in Denmark and 73.9 percent in Australia.

As for vertical trends, the most spammed industry sector with a spam rate of 80.2 percent was the wholesale sector, followed by education (77.4 percent), chemical & pharmaceutical (76 percent), IT services (75.4 percent), retail (75.4 percent). public sector (74.5 percent) and finance (74.7 percent).

Photo: Andrey Kiselev

The State Department’s Bureau of Diplomatic Security today hosted “Get Schooled, Kids and Cyber Security” to raise awareness about cybersecurity and children by discussing risks, mitigation strategies and safety tips.

Speakers included Enough is Enough President and CEO Donna Rice Hughes; National Center for Missing and Exploited Children instructor Dr. Sharon Cooper; Internet Solutions for Kids President and Research Director Dr. Michele Ybarra; and Pew Internet and American Life Project Senior Research Specialist Amanda Lenhart.

DS’ Office of Cyber Security is tasked with protecting the State Department’s nearly 92,000 computers around the globe. Last year, the department received more than 2 million external emails a day, 83 percent of which were spam. And in 2010, the department countered nearly 500,000 viruses.

The Bureau of Diplomatic Security is the State Department’s law enforcement and security arm. Its special agents, engineers and security professionals are in charge of the security of 285 U.S. diplomatic facilities worldwide.

In the United States, diplomatic security personnel investigate passport and visa fraud, conduct personnel security investigations and protect the secretary of state and other high-ranking foreign dignitaries and officials visiting the United States.

The Internet Threats Trend Report, which covers spam, phishing, malware and web threats, said while overall spam activity dropped around the New Year, it had a dramatic rise after the holidays. For the first three months of 2011, spam averaged 168 billion emails per day. After the elimination of Rustock, spam decreased to an average of nearly 119 billion messages daily.

Following the Rustock takedown, zombie activity also dropped significantly, but large increases of enslaved computers became evident in the wake of the malware outbreak at the end of the quarter.

The period between January and March 2011 saw various methods to distribute malware:

• Mass mailings of “parcel tracking information” purporting to come from UPS and DHL accounted for 30 percent of all emails sent during the peak of the outbreak
• Facebook chat messages from hacked user accounts led to bogus Facebook apps and viruses
• PDFs with embedded script malware mimicked Xerox-scanned documents
• The “Kama Sutra” virus tempted recipients with an explicit PowerPoint presentation

The report also describes attempts by spammers and phishers to save money by hiding their online presence in disused forums or using online form-filling services to ease the collection of phished user data.