Wins and losses in the ongoing battle against spam and malware
by Alan Zisman (c) 2008
First published in Business in Vancouver, May 20-26, 2008; issue 969
High Tech Office column
There’s good news and bad news on the computer security front.
Infestations of the Storm botnet are way down. In April, the number of computers infected with Storm was estimated at a mere 5% of its one-time high: perhaps 100,000 systems, versus earlier estimates of up to two million. Computers infected with Storm act, without their owners' knowledge, as part of a large network that distributes spam e-mail. As a result of the decrease, Storm-sent spam was down 57%.
Microsoft was quick to claim credit for the decline; the company ships its Malicious Software Removal Tool as part of Windows Update, and the tool has checked for Storm since last September. Other security companies, though, dispute Microsoft's claim.
While the Storm storm was abating, other security perils have grown. Security company MessageLabs reported that in April it identified an average of 1,214 new websites each day hosting a variety of nasty stuff (spyware, adware and assorted malware), nearly double the number identified in March.
And Damballa security researchers reported that another botnet, which they have named Kraken, has infected more than 400,000 systems.

Adding to the worries: Kraken has been designed to evade most current antivirus software. Damballa estimates that more than 80% of systems running anti-virus software fail to detect it. And while common wisdom has held that botnet infestation was primarily a home-user problem, Damballa reports that Kraken is showing up in large enterprises, on computers at no fewer than 50 Fortune 500 companies.
As with Storm, systems infested with Kraken act as spam servers; a single infested system can send out as many as half a million messages a day. All told, the Kraken/Bobax botnet churns out roughly nine billion spam messages daily. Damballa researcher Paul Royal expects the number of Kraken infections to keep growing, and suspects that the self-updating infection could also be repurposed for other uses.
Users typically become infected by attempting to view a purported image file attached to an e-mail message. Because Windows, by default, hides the file extension that indicates a file's type (.jpg, .exe and so on), a malware program named "Vacation photo.jpg.exe" appears to most users as just "Vacation photo.jpg"; double-clicking it runs the program instead of opening a picture.
(Hint for Windows users: open My Computer or Explorer, click the Tools menu, then Folder Options. On the View tab, remove the checkmark from [x] Hide extensions for known file types. In Windows Vista the menu bar is hidden until you press Alt.)
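A check for the double-extension trick described above, written as an added example for this column (it is not code from the original article or from any vendor it mentions). The extension lists are my own assumption of what Windows will run and what a recipient reads as a harmless picture or document; the sample attachment names are constructed, not real malware:

```python
"""Flag e-mail attachment names that abuse Windows' hidden file extensions.

Added illustration for this column, not Microsoft's, Damballa's or any
vendor's code.  EXECUTABLE and LOOKS_HARMLESS are assumptions about what
Windows will execute and what users consider safe to open.
"""

# Extensions the Windows shell will execute or script (assumed list).
EXECUTABLE = {"exe", "scr", "pif", "com", "bat", "cmd", "vbs", "js",
              "jse", "wsf", "hta", "lnk", "msi"}
# Extensions a recipient reads as harmless media or documents (assumed list).
LOOKS_HARMLESS = {"jpg", "jpeg", "gif", "png", "bmp", "pdf", "doc",
                  "txt", "mp3", "avi", "zip"}


def displayed_name(filename):
    """What Explorer shows with 'Hide extensions for known file types' on:
    the final extension is dropped and everything before it stays."""
    stem, dot, _ext = filename.rpartition(".")
    return stem if dot else filename


def extensions(filename):
    """All dotted suffixes, lowercased, with padding removed.  Trailing
    spaces and dots are stripped because Windows drops them when creating
    the file, and inner padding ('photo.jpg     .exe') is stripped so the
    padded variant of the trick is classified the same way."""
    parts = filename.rstrip(" .").split(".")
    return [p.strip().lower() for p in parts[1:]]


def is_disguised(filename):
    """True when the real (last) extension is executable and the extension
    the user actually sees looks like a harmless file."""
    exts = extensions(filename)
    if len(exts) < 2:
        return False
    real, shown = exts[-1], exts[-2]
    return real in EXECUTABLE and shown in LOOKS_HARMLESS


def classify(filename):
    """Coarse verdict for a mail filter: 'disguised executable' is the
    case the column describes, 'executable' is merely suspicious."""
    exts = extensions(filename)
    if not exts:
        return "no extension"
    if is_disguised(filename):
        return "disguised executable"
    if exts[-1] in EXECUTABLE:
        return "executable"
    return "ok"


# Constructed sample attachment names (not real malware samples).
SAMPLES = [
    "Vacation photo.jpg.exe",
    "Vacation photo.jpg",
    "invoice.pdf       .scr",
    "report.doc",
    "setup.exe",
    "notes",
]

if __name__ == "__main__":
    for name in SAMPLES:
        shown = displayed_name(name)
        print(f"{name!r:30} shown as {shown!r:25} -> {classify(name)}")
```

Note that the same hidden-extension rule also turns "Vacation photo.jpg" into "Vacation photo" on screen, which is exactly why the disguised file is indistinguishable from a real picture until extensions are unhidden; the check above keys on the real, last extension rather than on what is displayed.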
The top 11 botnets, according to Joe Stewart of SecureWorks, control more than one million systems that send out an estimated 100 billion spam messages a day, offering loans, gambling, faux designer watches, pharmaceuticals and promises of larger "tools."
Veteran security firm Symantec has also noted the increase in perils. The company's latest Internet Security Threat Report, covering the second half of 2007, noted that the number of distinct viruses and related threats in circulation has now topped one million. According to the company, almost two-thirds of them were created during 2007, a flood of new variants intended to outrun signature-based anti-virus detection.
As in previous years, virtually all attacks are aimed at Windows systems. Mac users got a shock, however, at the Pwn2Own competition at the CanSecWest conference in Vancouver in March. Three new notebooks, one each running Windows Vista, Mac OS X and Ubuntu Linux, were made available for hackers to attack. The first to fall: the Mac.
None of the systems was successfully attacked on the first day, when only the operating systems themselves could be targeted; good news suggesting all three have improved their security. On Day 2, when attackers could also go after commonly installed applications, the Mac fell to a since-patched vulnerability in Apple's Safari web browser. On Day 3, the Vista system fell to a flaw in Adobe's Flash. The Ubuntu notebook survived all three days. The moral: keep your systems, and the applications on them, up to date. •