New research from the Anti-Phishing Working Group (APWG) has found that up to 81% of domain names used for phishing are legitimate domains that have been hacked. More specifically, out of the 30,454 phishing domains under observation, only 5,591 domain names (18.5%) were registered by phishers according to APWG. The remaining small percentage of the domains used in phishing belonged to subdomain resellers such as ISPs and other web-based services. more
Spam levels have increased by 5.1% since last month, reaching heights of 90.4%, according to latest report from Symantec's MessageLabs Intelligence... The majority of this increase in spam in May was comprised of messages with very little content other than a subject line and valid hyperlink, says the report. "Each hyperlink pointed to a different active profile on one of a number of major social networking environments. The profiles were likely created using random names and automated CAPTCHA-breaking tools. Moreover, the emails were sent from valid webmail hosting providers, which means they were not spoofed, as has been the case in the past for these types of domains." more
A recent study suggests Rustock and Xarvester malware provided the most efficient spambot code, enabling individual zombie computers to send 600,000 spam messages each over a 24 hour period. "Over the past few years, botnets have revolutionized the spam industry and pushed spam volumes to epidemic proportions despite the best efforts of law enforcement and the computer security industry. Our intention was to better understand the origins of spam, and the malware that drives it," said Phil Hay, senior threat analyst, TRACElabs (a research arm of security company Marshal8e6)... more
StopBadware.org and Consumer Reports WebWatch have announced today the full launch of BadwareBusters.org, a new online community for people looking for help preventing and countering viruses, spyware, and other "badware" on their computers and websites. Maxim Weinstein, manager of StopBadware.org at Harvard University's Berkman Center for Internet & Society, says the site is not only a useful destination, but also a piece of a bigger puzzle. "BadwareBusters.org is part of StopBadware's strategy to bring together the people, the organizations, and the data that allow us to fight back against the spread of badware," Weinstein said. "The collective wisdom of the BadwareBusters community will inform not only individuals, but the entire technology industry." more
A study comparing best-of-breed computer security vendors suggests more than half of active malware and phishing threats on the Internet go undetected, with an average detection rate of 37% for malware and 42% for phishing. "Given the dynamic nature of today's online threats and the traditionally reactive approach taken by today's malware and phishing detection technology, conventional signature-based solutions are inherently at a disadvantage to keep up," said Panos Anastassiadis, CEO and Chairman of Cyveillance. "Because the majority of damage occurs during the first 24 hours of an attack, early detection of attacks is crucial." more
With the alarming increase in cyberattacks, criminals are literally turning businesses against their own customers in order to steal consumer's personal data, warns the latest annual X-Force Trend and Risk report from IBM. "The security industry puts a lot of effort into the technical evaluation of security threats, examining, sometimes at great length, the potential threat that each issue might present to corporations and consumers. Criminal attackers out for profit, however, have considerations that the security industry does not always take into account, such as monetization cost and overall profitability." more
While the news will not be terribly surprising to CircleID readers, Google's latest report on the status of spam and 2009 predictions posted today, might be of particular interest due to the company's shear email processing volume at 2 billion enterprise email connections per day (drawn from company owned Postini Message Security network)... more
As recently reported, spam volumes indicate spam has nearly jumped back up to its pre-McColo shutdown levels. However, Symantec's The State of Spam report has also observed that in recent days spammers are increasingly piggybacking on legitimate newsletters and using the reputation of major social networking sites to try and deliver spam messages into recipients' inboxes... In its special URL investigation the report also indicates that on average approximately 90 percent of all spam messages today contain some kind of a URL. Additionally, analysis of data from past recent days, according to Symantec, have shown that 68% of all URLs in spam messages had a '.com' Top-Level Domain (TLD), 18% had a China's '.cn' ccTLD and 5% had a '.net'. more
In a 52 page security report released by Cisco, the company has confirmed what has been consistently been observed through out this year: "the Internet-based attacks are becoming increasingly sophisticated and specialized as profit-driven criminals continue to hone their approach to stealing data from businesses, employees and consumers." The 2008 edition of the report has specified the year's top security threats and offers recommendations for protecting networks against attacks that are propagating more rapidly, becoming increasingly difficult to detect, and exploiting technological and human vulnerabilities. more
The new Global Phishing Survey released by the Anti-Phishing Working Group (APWG) this month reveals that phishing gangs are concentrating their efforts within specific top level domains (TLDs), but also that anti-phishing policies and mitigation programs by domain name registrars and registries can have a significant and positive effect. The number of TLDs abused by phishers for their attacks expanded 7 percent from 145 in H2/2007 to 155 in H1/2008. The proportion of Internet-protocol (IP) number-based phishing sites decreased 35 percent in that same period, declining from 18 percent in the second half of 2007 to 13 percent in the first half of 2008. more
A recent study has revealed some of the economics behind junk mail and spam conversion rates conducted in early 2008 by computer scientists from University of California, Berkeley and UC, San Diego (UCSD). The analysis has suggested that spam operations are able to remain profitable and generate millions from minute response rates. The study is described as the first large-scale quantitative study of spam conversion. more
U.S. authorities announced today that they have shut down one of the largest spam operations in the world, an extensive network with ties to Australia, New Zealand, India, China and the United States. The group, dubbed 'HerbalKing' by spam fighting organizations, had been active as far back as 2005 and became notorious as the number one worst spam gang on the Internet for much of 2007 and 2008 according to Spamhaus, a non-profit anti-spam research group. more
A World-Renowned Source for Internet Developments. Serving Since 2002.