Internet Flooded With Spam ““ Much Of It Dangerous
According to a recent report issued by Microsoft’s security wing, more than 97% of the e-mails sent daily over the internet are spam.
The overwhelming majority of spam-mail consists of product advertisements, many of which contain hidden computer viruses. The report also found that nearly 1% of computers worldwide are infected by viruses contracted from these e-mails.
The report also noted that innocuous documents sent as Office and PDF attachments are also being targeted by online hackers with increasing frequency.
But the incredibly high amount of unwanted e-mail is no cause for alarm according to Cliff Evans, chief of Microsoft’s security and privacy division. “The good news is that the majority of that (spam) never hits your inbox ““ although some will get through,” he says.
Microsoft’s head security advisor, Ed Gibson, blames the explosion of spam on the fact that hackers have started “targeting the weak link” ““ that is, internet users themselves ““ rather than the actual software.
“With higher capacity broadband and better OS (operating systems), and higher power computers it is easier now to send out billions of spams. Three or four years ago the capacity wasn’t there.”
THE DARK WORLD OF “˜MALWARE’
For Paul Woods, analyst for the e-mail security company Message Labs, the spam figures from Microsoft came as something of a surprise. “Our own analysis shows that around 81% of the e-mail traffic we were processing was identified as spam and unwanted,” he said.
Message Labs reported a major drop in spam levels after a major spam-producing ISP was taken offline at the end of 2008. “As a result of that, a number of developers in botnet technology at the end of last year were trying to regain botnet control and increase capacity and return to previous spam levels”¦It won’t be long before we see a return to those levels,” says Woods.
The report was also able to identify which countries had the greatest incidence of infection with malicious software, also known as “˜malware’. Russia and Brazil led the world in rates of infection, while Turkey, Serbia and Montenegro followed close behind.
The study also noted that the kinds of malware being sent were different in every country, stating: “As the malware ecosystem becomes more reliant on social engineering, threats worldwide have become more dependent on language and cultural factors.”
In China, malware varieties that attack web browsers are very usual, while in Brazil they tend to target online bankers. The viruses known as Win32/Virut and Win32/Parite are hackers’ malware of choice.
REGULAR SOFTWARE UPDATES ARE CRUCIAL
The report reinforced the need for users to keep their computers’ software as up to date as possible. The report stated that more than 90% of the incidences of infection could have been avoided if users had simply downloaded available updates. A wave of attacks on PDF files in the second half of 2008, for example, exploited a security hole that Adobe had already repaired in the most recent version its software.
Mr. Gibson had a word of caution for computer users around the world: “If you don’t update your software you are not just a hazard to yourself, you are a hazard to others because you can be part of a botnet,” without even knowing it.
Mr. Evens commented that compared to businesses, consumers seem to be doing a better job of keeping their computers updated. “We have to encourage businesses to make more use of automatic updates,” he said.
SOFTWARE ATTACKS INCREASINGLY SOPHISTICATED
Woods observed that hackers who were using Office and PDF as their virus carriers are making very targeted attacks. “They tend to be used in selective attacks to named individuals in organizations”¦A lot of social engineering will be used to appear legitimate and convince a user to open the attachment.”
“Once opened,” Woods explained, “a vulnerability in the application used to open the document will be exploited and often a tiny piece of code will execute and then download a larger file from a rogue website”¦This program will then attempt to search the computer for a particular document or file and send it to a remote PC.”
Also brought to light in the report was a new malicious innovation known as scareware. Scareware are bogus security programs which try to get users to install viral software by convincing them that it is a free anti-virus program.
“It’s criminals playing on people’s fears,” said Evans. “The advice remains the same ““ ensuring you have up to date software, whether that’s your applications, your browser or your OS.”
Â
—
On the Net: