    Wins and losses in the ongoing battle against spam and malware

    by Alan Zisman (c) 2008. First published in Business in Vancouver, May 20-26, 2008; issue 969

    High Tech Office column

    There’s good news and bad news on the computer security front.

    Infestations of the Storm botnet are way down. In April, the number of computers infected with Storm was estimated at a mere 5% of its one-time high, affecting perhaps 100,000 systems versus earlier estimates of up to two million. Computers infected with Storm act without their owners’ knowledge as part of a large network, distributing spam e-mail. As a result of the decrease, Storm-sent spam was down 57%.

    Microsoft was quick to claim responsibility for the malware decrease; the company has been making “malicious software removal tools” part of its Windows updates and has been checking for Storm since last September. Other security companies, though, dispute Microsoft’s claim.

    While the Storm storm was abating, other security perils have grown. Security company MessageLabs reported that it identified an average of 1,214 new websites each day in April hosting any of a variety of nasty stuff (spyware, adware and assorted malware), nearly double the number identified in March.

    And Damballa security researchers reported that another botnet, which they’re naming Kraken, has infected more than 400,000 systems.

    Adding to the worries: Kraken has been designed to evade most current antivirus software. Damballa estimates that more than 80% of systems running anti-virus software fail to detect it. And while common wisdom has held that botnet infestation was primarily a problem for home users, Damballa reports that Kraken is showing up on systems in large enterprises. It reports finding it on computers from at least 50 Fortune 500 companies.

    As with Storm, systems infested with Kraken act as spam servers; a single infested system can send out as many as half a million messages each day. All told, the Kraken/Bobax botnet network churns out roughly nine billion spams daily. Damballa researcher Paul Royal expects the number of Kraken infections to continue to grow, and suspects the self-updating infection could also be manipulated for other uses.

    Users typically become infected by attempting to view a purported image file attached to an e-mail message. Because Windows typically hides the three-letter file extension that indicates file type, a malware program file named “Vacation photo.jpg.exe” would appear to most users as just “Vacation photo.jpg.”

    (Hint for Windows users: open My Computer or Explorer. Click on the Tools menu, then on Folder Options. Go to the View tab and remove the checkmark from [x] Hide extensions for known file types.)
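
    The check below is an added example, not part of the original column: it flags attachment names like the “Vacation photo.jpg.exe” case above, where hiding the final extension leaves a harmless-looking name on screen. The extension lists and sample names are constructed for illustration, and treating only the listed extensions as hidden is a simplifying assumption.

```python
import ntpath

# Assumption: illustrative lists, not a complete inventory of Windows file types.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
DECOY_EXTS = {".jpg", ".jpeg", ".gif", ".png", ".bmp", ".pdf", ".doc", ".txt"}


def shown_name(filename):
    """Name as listed when 'Hide extensions for known file types' is ticked."""
    base = ntpath.basename(filename).strip()
    stem, ext = ntpath.splitext(base)
    # Simplification: only the extensions listed above count as "known".
    return stem if ext.lower() in EXECUTABLE_EXTS | DECOY_EXTS else base


def is_disguised_executable(filename):
    """True when the real extension is executable and the one before it
    makes the shortened name look like an image or document."""
    base = ntpath.basename(filename).strip()
    stem, real_ext = ntpath.splitext(base)
    # Tolerate stray whitespace left between the two extensions.
    _, decoy_ext = ntpath.splitext(stem.rstrip())
    return (real_ext.lower() in EXECUTABLE_EXTS
            and decoy_ext.lower() in DECOY_EXTS)


def triage(names):
    """Return (real name, name the user sees) for every flagged file."""
    return [(n, shown_name(n)) for n in names if is_disguised_executable(n)]


# Constructed sample of attachment names.
SAMPLE = [
    "Vacation photo.jpg.exe",
    "Vacation photo.jpg",
    "setup.exe",
    "report.final.pdf",
    "INVOICE.PDF.SCR",
    r"C:\Users\a\Downloads\budget.doc.pif",
]

if __name__ == "__main__":
    for real, seen in triage(SAMPLE):
        print(f"flagged: {real!r} is displayed as {seen!r}")
```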

    The top 11 botnets, according to Jon Stewart of SecureWorks, control more than one million systems that send out an estimated 100 billion spam messages a day offering loans, gambling, faux designer watches, pharmaceuticals and promises of larger “tools.”

    Veteran security firm Symantec has also noted the increase in perils. The company’s latest Internet security threat report, which covered the second half of 2007, noted that the number of different computer viruses and related threats in circulation has now topped one million. According to the company, almost two-thirds were created during 2007, to fool anti-virus software.

    As in previous years, virtually all attacks are aimed at Windows systems. Mac users got a shock, however, at the Pwn2Own competition, at the CanSecWest conference in Vancouver in March. Three new notebooks, one each running Windows Vista, Mac OS X and Ubuntu Linux, were available to hackers to attack. The first to fall: the Mac.

    None of the systems were successfully attacked on the first day, when only the operating systems could be hacked – good news suggesting all have improved security. On Day 2, when would-be attackers could attack additional software, the Mac fell victim to a since-patched vulnerability in Apple’s Safari web browser. On Day 3, the Vista system fell to a flaw in Adobe’s Flash. The moral: keep your systems up to date.

Alan Zisman is a Vancouver educator, writer, and computer specialist.