May 04, 2008
United States Overtakes China in Infected Websites
According to a recent report from Sophos, the US has overtaken China as the country hosting the most infected websites. If you believe the report, the growth of US-based infected websites has been phenomenal: from approximately 25% in 2007 to about 50% in the first 3 months of 2008. Part of the reason for the dubious distinction of holding the top spot is that China is making progress in cleaning up its infected sites.
Another interesting trend in the report is the drop in infected emails: only one infected email in over 2500, compared to one in 909 in 2007. This coincides with the increase in infected websites, where one infected webpage is discovered and blocked every 5 seconds in 2008 compared with every 14 seconds in 2007.
Download the report here if you're interested.
Posted by andreyee in Industry Trends
April 08, 2008
Beware the Tax Scamming Emails
It's tax season, and if that's not enough to get you down, here's something to get your attention. A slew of scam emails are circulating, purporting to be from the IRS. These emails are targeted at companies and seek additional tax-related information.
This warning comes to us from Sunbelt Software, whose CFO received one of the scam emails. The emails are realistic and believable. A screensaver file disguised as a tax refund PDF file (tax_refund_scr) is attached to the email. When the user clicks the attachment, a PDF file seems to appear, but unknown to the user, malware is also downloaded to steal financial and confidential data.
Check it out here at the Sunbelt Software Blog.
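As an added example (not from Sunbelt or from the original post), here is a mail-gateway style check in Python for the lure described above: an attachment that Windows would execute but whose name or appearance suggests a document. The file names, addresses and attachment bytes are constructed for illustration, and the extension lists are assumptions you would tune for your own environment.

```python
import os
from email.message import EmailMessage

# File types Windows runs directly; a .scr screensaver is an ordinary executable.
EXECUTABLE_EXTS = {".scr", ".exe", ".pif", ".com", ".bat", ".cmd"}
DOCUMENT_EXTS = {".pdf", ".doc", ".xls", ".txt"}


def suspicious_attachments(msg):
    """Return (filename, reason) pairs for attachments that would execute."""
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip().lower()
        stem, ext = os.path.splitext(name)
        payload = part.get_payload(decode=True) or b""
        if ext in EXECUTABLE_EXTS:
            # "name.pdf.scr" reads as a PDF when the final extension is hidden.
            posing = os.path.splitext(stem)[1] in DOCUMENT_EXTS
            reason = "executable posing as document" if posing else "executable attachment"
            findings.append((name, reason))
        elif payload[:2] == b"MZ":
            # DOS/PE magic bytes: the content is a program whatever the name says.
            findings.append((name, "executable content behind document name"))
    return findings


def build_sample():
    """Constructed message; names and bytes are made up for this example."""
    msg = EmailMessage()
    msg["From"] = "refunds@irs.example"
    msg["To"] = "cfo@company.example"
    msg["Subject"] = "Tax refund notice"
    msg.set_content("Please review the attached refund form.")
    samples = [
        ("tax_refund.pdf.scr", b"MZ\x90\x00" + b"\x00" * 60),
        ("statement.pdf", b"%PDF-1.4\n% constructed placeholder\n"),
        ("refund_form.pdf", b"MZ\x90\x00" + b"\x00" * 60),
    ]
    for filename, data in samples:
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=filename)
    return msg


if __name__ == "__main__":
    for name, reason in suspicious_attachments(build_sample()):
        print(f"{name}: {reason}")
```

Checking the leading bytes as well as the name catches an executable that has simply been renamed to end in .pdf.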
Posted by andreyee in Alerts/Warnings
March 30, 2008
Airport Security & MacBook Air
Going through airport security? You might want to be prepared for a few extra questions and a slightly longer inspection if you own the ultra-thin MacBook Air. Apparently, its unusual physical dimensions are something that TSA inspectors might be unaccustomed to. Further, when it's run through the scanner, it doesn't look quite the same as many other laptops, perhaps due to solid state drives and other cutting-edge upgrades.
Bob, a TSA employee since 2002, explains this on the Evolution of Security blog.
Posted by andreyee in Odds and Ends
December 04, 2007
Privacy Problems with Social Networks
Social networks like Facebook and MySpace continue to face security- and privacy-related issues as functional capabilities expand and social interactions within the community become more complex. Here are a couple of examples.
First up, Facebook. It recently acknowledged that a new functional capability called Beacon continues to track user activity long after users have logged off the site and even when users have elected to not display their activities to Facebook friends. Beacon is part of the Facebook Ads platform that tracks user activities on Facebook partner sites like Blockbuster and reports those activities to the "friends" of the Facebook account. Account holders may choose to not have those activities reported, but it appears that even in that case, the activities are tracked and stored in some Facebook database. As you can imagine, privacy advocates are up in arms. You can read more about this case, if you're interested.
You can assume that these privacy issues will not go away and will continue to plague Facebook and other social networks. Sometimes the problem is less about guarding privacy than about the abuse of trust within the social network. Here's a chilling story about how a MySpace teen took her own life because of a cruel prank perpetrated by adult neighbors.
Perhaps the issue is that guarding privacy and protecting social network subscribers may be at odds with each other. To some extent, that's how it works in real life...we yield some privacy to trusted authorities - banks, hospitals, law enforcement, the state...to gain protective services of some kind or another.
However, striking this balance in the cyberworld may not be so easy.
Posted by andreyee in Odds and Ends • Privacy/Information Theft • web 2.0
November 20, 2007
Implications of Salesforce Phishing Incident
The news about Salesforce.com's phishing incident broke almost 2 weeks ago on Slashdot...although there were rumors swirling about for a number of days prior to the report. A Salesforce employee fell victim to a phishing attack that captured his company credentials. The attackers used those credentials to harvest customer contact data and began to send phishing attacks to customers, in the form of fake Salesforce invoices. As you might expect, some number of customers fell for the scam and yielded their Salesforce account info.
There are a few interesting implications of this phishing attack, none of which pertain specifically to what Salesforce should or could have done.
Implication #1 - this kind of targeted phishing or "spear phishing" is difficult to monitor and eliminate. When a specific target is singled out, the attack tends to proceed undetected for a while before it becomes evident. No specific remedies or signatures are available to address them.
Implication #2 - until now, most phishing attacks have been targeted at financial institutions and consumers. Relatively recent examples include the Bank of America "change of email" scam and ADP.
Not surprisingly, SaaS providers may now be next on the list. Although the value of the information to scammers may not be apparent, it is likely that phishing attacks against SaaS applications that hold identity and proprietary info will be on the rise.
Implication #3 - phishing is only the starting point for the attack. In the Salesforce incident, it was uncovered that some of the customers who were effectively phished also had keyloggers and other malware downloaded onto their machines. From the Salesforce letter sent to customers -
"...As a result of this, a small number of our customers began receiving bogus emails that looked like salesforce.com invoices, but were not--they were also phishes. Unfortunately, a very small number of our customers who were contacted had end users that revealed their passwords to the phisher... However, a few days ago a new wave of phishing attempts that included attached malware--software that secretly installs viruses or key loggers--appeared and seemed to be targeted at a broader group of customers."
Not a lot of good news there. The point is that in this new Web 2.0, SaaS-enabled world, there is a Long Tail to this phishing problem...targeted, sophisticated attacks cannot be tackled by simply preaching "security awareness". Nor is it enough to use signature-based phishing detection techniques. We need a different approach.
Posted by andreyee in Industry Trends • Privacy/Information Theft • web 2.0
November 09, 2007
Electronic Jihad?
Apparently, two weeks ago, Al Qaeda summoned an "Electronic Jihad" to commence on Nov 11.
In a special Internet announcement in Arabic, picked up by DEBKAfile’s counter-terror sources, Osama bin Laden’s followers announced Monday, Oct. 29, the launching of Electronic Jihad. On Sunday, Nov. 11, al Qaeda’s electronic experts will start attacking Western, Jewish, Israeli, Muslim apostate and Shiite Web sites. On Day One, they will test their skills against 15 targeted sites and expand the operation from day to day thereafter until hundreds of thousands of Islamist hackers are in action against untold numbers of anti-Muslim sites.
Can you say - "bring it on"? Nah... I don't know if this is legit but either way, I don't anticipate it'll actually register with anyone.
If you're interested, read the entire Debka.com report here.
(HT: Bruce Schneier)
Posted by andreyee in Alerts/Warnings
November 05, 2007
Top 10 Most Vulnerable Apps for 2007
As a software vendor, it must be the software equivalent of finding yourself on Hollywood's "worst dressed" list. Here are the top 10 most vulnerable apps in 2007 published by Bit9, an endpoint security company.
1. Yahoo! Messenger 8.1.0.239 and earlier
2. Apple QuickTime 7.2
3. Mozilla Firefox 2.0.0.6
4. Microsoft Windows Live (MSN) Messenger 7.0, 8.0
5. EMC VMware Player (and other products) 2.0, 1.0.4
6. Apple iTunes 7.3.2
7. Intuit QuickBooks Online Edition 9 and earlier
8. Sun Java Runtime 1.6.0_X
9. Yahoo! Widgets 4.0.5 and previous
10. Ask.com Toolbar 4.0.2.53 and previous
Among the qualifying criteria is that the application must be able to run on the Microsoft Windows platform and be a well-known consumer application downloaded by individuals.
It's interesting to note that Yahoo (Messenger, Widgets) and Apple (QuickTime, iTunes) related software each appear twice, while Microsoft, with its extensive scope and distribution of software, is only represented by MSN Messenger. Go figure.
Posted by andreyee