U.S. Largest Source of Malware

December 25th, 2008 | No Comments | Posted in Security

American websites host more malware, and American computers relay more spam, than those of any other country, the latest security report showed.

As evidence of this, when an American Internet company, accused of collaborating with spammers and hackers, was disconnected from the net in November, the level of spam fell by 75 percent.

The ‘Security Threat Report 2009’ was just published by Sophos, the U.K.-based IT security and control firm, which examined the threat landscape over the last twelve months, and predicted the emerging cybercrime trends for 2009.

Too many compromised computers

“Not only is the U.S. relaying the most spam because too many of its computers have been compromised and are under the control of hackers, but it’s also carrying the most malicious Web pages,” said Graham Cluley, senior technology consultant for Sophos. “We would like to see the States making less of an impact on the charts in the coming year. American computers, whether knowingly or not, are making a disturbingly large contribution to the problems of viruses and spam affecting all of us today.”

Sophos’s research reveals that in 2008, organized criminal gangs tripled their attacks against innocent websites, injecting malicious code to infect visiting home users and businesses.

In addition, 2008 has seen concerted campaigns by hackers to pose as legitimate anti-virus vendors, creating new professional-looking websites and applications every day with the intention of scaring users into believing that their computers have been compromised.

On average, five new scareware websites were identified each day by Sophos, with the figure peaking at more than 20 per day on occasion.

Trusted networks targeted

The report also documented the major Internet attacks of 2008, and showed a rise in hackers spamming out malicious attachments, designed to compromise PCs in order to steal identities, money and resources. By the end of 2008, Sophos was tracking five times more malicious attacks arriving through files attached to e-mails than at the start of the year.

Spammers and malware authors have shown interest in websites such as Facebook, hacking into innocent users’ accounts to take advantage of trusted social networks and send spam and malware.

“The last year proved beyond doubt that Internet hacking gangs are organised like never before, often working across borders to steal money and data from unsuspecting users. The volume of attacks has increased, with hackers using automated systems to break into vulnerable websites or generate new variants of their malware,” said Cluley.

“People need to wake up to the reality that the completely legitimate Web site they are visiting could be harbouring a dangerous malware infection planted by hackers. As we enter 2009, we are not expecting to see these assaults diminish. As economies begin to enter recession it will be more important than ever for individuals and businesses to ensure that they are on guard against Internet attack,” he said.

Internet attacks are overwhelmingly orchestrated via networks of innocent home computers that have–unknown to their owners–been commandeered by hackers. Sophos urges home users and businesses to properly defend their personal computers with up-to-date anti-virus software, security patches and firewalls.

Statistics and findings

• Biggest malware threats - SQL injection attacks against websites and the rising tide of scareware.

• New Web infections - one new infected Web page discovered by Sophos every four and a half seconds (three times faster than in 2007).

• Malicious e-mail attachments - five times more at end of 2008 than at the beginning.

• U.S. hosts the most malware on the Web (37 percent), usurping China’s position in 2007.

• U.S. computers relay the most spam (17.5 percent).

• Increasing allegations of state-sponsored cybercrime, with China, North Korea, Russia and Georgia among those accused of espionage and assaults via the Internet.

Top malware-hosting countries

In 2007, China was responsible for hosting more than 50 percent of all Web-based malware. This position was taken over by the U.S. in 2008.

The top ten malware-hosting countries in 2008 are:

1. U.S. 37.0 percent

2. China (including HK) 27.7 percent

3. Russia 9.1 percent

4. Germany 2.3 percent

5. South Korea 2.1 percent

6. Ukraine 1.8 percent

7. United Kingdom 1.7 percent

8. Turkey 1.5 percent

9. Czech Republic 1.3 percent

10. Thailand 1.2 percent

Other malware-hosting countries in Asia are Malaysia (0.1 percent), Japan (0.1 percent) and Singapore (less than 0.1 percent). The spam-relaying countries are the Philippines (0.9 percent), Japan (0.6 percent), Australia (0.6 percent), and Singapore (0.3 percent).


U.S. Military Computers Infected by Worm

December 3rd, 2008 | 1 Comment | Posted in Military, Security

The Defense Department’s geeks are spooked by a rapidly spreading worm crawling across their networks. So they’ve suspended the use of so-called thumb drives, CDs, flash media cards, and all other removable data storage devices from their nets, to try to keep the worm from multiplying any further.

The ban comes from the commander of U.S. Strategic Command, according to an internal Army e-mail. It applies to both the secret SIPR and unclassified NIPR nets. The suspension, which includes everything from external hard drives to “floppy disks,” is supposed to take effect “immediately.” Similar notices went out to the other military services.

In some organizations, the ban would be only a minor inconvenience. But the military relies heavily on such drives to store information. Bandwidth is often scarce out in the field. Networks are often considered unreliable. Takeaway storage is used constantly as a substitute.

The problem, according to a second Army e-mail, was prompted by a “virus called Agent.btz.” That’s a variation of the “SillyFDC” worm, which spreads by copying itself to thumb drives and the like. When that drive or disk is plugged into a second computer, the worm replicates itself again — this time on the PC. “From there, it automatically downloads code from another location. And that code could be pretty much anything,” says Ryan Olson, director of rapid response for the iDefense computer security firm. SillyFDC has been around, in various forms, since July 2005. Worms that use a similar method of infection go back even further — to the early ’90s. “But at that time they relied on infecting floppy disks rather than USB drives,” Olson adds.

Servicemembers are supposed to “cease usage of all USB storage media until the USB devices are properly scanned and determined to be free of malware,” one e-mail notes. Eventually, some government-approved drives will be allowed back under certain “mission-critical,” but unclassified, circumstances. “Personally owned or non-authorized devices” are “prohibited” from here on out.

To make sure troops and military civilians are observing the suspension, government security teams “will be conducting daily scans and running custom scripts on NIPRNET and SIPRNET to ensure the commercial malware has not been introduced,” an e-mail says. “Any discovery of malware will result in the opening of a security incident report and will be referred to the appropriate security officer for action.”

“The USB ban should be effective in stopping the worm,” Olson says. Asked if such a wide-spread measure was a bit of over-kill, Olson responded, “I don’t know.”

“I know this [is an] inconvenience,” e-mails one Michigan Army National Guardsman. “This has been briefed to the CoS [Chief of Staff] of the ARMY. This is not just a problem for Michigan, and is affecting operations around the world. This is a very serious threat and should be treated as such. Please understand that this is a form of attack, and we need to have patience in dealing with this issue.”

The military relies heavily on the use of removable storage devices to store information since bandwidth is often scarce out in the field and networks are often considered unreliable.

What’s causing the problem?

It is speculated that a virus named Agent.btz is the culprit. It’s a variation of the “SillyFDC” worm which spreads by copying itself to thumb drives. When the drive or disk is plugged into a second computer, the worm replicates itself again — on the PC. Once installed it automatically downloads malicious software code from the Internet. (Source: f-secure.com)

Eventually, some government-approved drives will be allowed back under certain “mission-critical,” but unclassified circumstances.

See: US Military Report on Computer Threat


ISS Catches Worm

October 3rd, 2008 | No Comments | Posted in Security, space

A computer virus intrusion aboard the ISS in July has prompted astronauts to update their anti-virus software on all the laptop computers aboard the station.

Kelly Humphries, NASA representative for the Johnson Space Center in Houston, said Oleg Kononenko, a Russian cosmonaut, was busy updating the anti-virus protection software on the Russian side of the International Space Station.

The process is really very much like the one folks on Earth are familiar with; however, the software itself is proprietary.

The relatively low-risk virus, W32.Gammima.AG, which is a worm and was designed to seek out passwords for online computer games, was first discovered aboard the station on July 25 after being detected by the station’s anti-virus screening software. Critical computer systems used for navigation, communication and life support were not infected. NASA technical staff were, however, very interested to find out exactly how the computer virus got to the station.

There are apparently more than 50 computers among all the ISS modules that are used within the spacecraft’s network.
