Security firm Symantec's latest "Internet Security Threat Report" found that malicious attacks and malware variants are more prevalent than ever, and are being delivered to their victims in mass and targeted ways.
Trying to solve the spam epidemic? It might be time for organizations to look inward, as machines that are unknowingly seeded with malware are the reason for the botnet scourge.
Spam volume dropped dramatically from 379 billion messages daily in August 2010 to 124 billion this November, according to Cisco, as crooks opted for more pinpointed attacks that could fly under the radar.
Spammers have begun trying to capitalize on the Cyber Monday buying frenzy.
Most spam messages sent in recent days have been delivered with subject lines containing fake order or ticket numbers, delivery invoices, payment notices or tax information, according to researchers from security firm Websense.
The social media giant is "pursuing the appropriate action" against those behind a wave of pornographic content that showed up on users' news feeds this week.
A California man is barred from delivering unsolicited text messages after he sent "a mind-boggling" amount for many months, under a settlement with the Federal Trade Commission.
Rummaging through my spam folders, I found a pretty kettle of phish...
Fallout continues, and new corporate victims come to light after the massive breach of an email marketing services provider.
Federal agents arrested the alleged ringleader of an international securities fraud racket that used hackers, botnet operators and email spam to drive up the value of stocks.
Researchers at the nonprofit Shadowserver Foundation believe they have identified a new version of either the Storm or Waledac worm, thanks to a large-scale influx of New Year's-themed spam. The emails purport to be a New Year's greeting card but contain a link to a malicious domain, claiming to host a fake Flash Player that actually is an exploit. The evil domains use fast-flux techniques to hide the host server. "The whole point of this botnet is to install malware onto systems of unsuspected visitors," researcher Steven Adair wrote on the Shadowserver blog. Storm first appeared on the scene in 2007, capitalizing on current events and holidays, and was effectively replaced by Waledac in 2009. - DK
A Russian man who is believed to be the operator of the Mega-D botnet, one of the largest spam senders in the world, has been arrested and is scheduled to be arraigned on Friday in federal court.
Google has fixed what is being described as a serious security flaw that allowed a hacker to harvest Gmail addresses and send spam from the search giant's servers.
Apple's new social media service Ping already is being abused by spammers, security experts are warning.
The latest scam to hit Facebook is trying to trick users into spreading spam with the offer of a "dislike" button, Graham Cluley, senior technology consultant at anti-virus firm Sophos, said in a blog post Monday. Many users have been clamoring for such a capability, as they could use the button to give a thumbs-down to other posts, links or uploads of which they are not fond. A "like" button already exists. The scam entices users to click on a link and install a rogue Facebook application, Cluley said. If the app is given permission to run, it posts spam messages from the user's account and prompts them to complete an online survey that makes money for the perpetrators. — AM
Spammers are increasingly abusing free online link shortening services, resulting in a significant increase in the amount of spam containing shortened links over the past year, according to a Symantec report, released Thursday.
Organizations in the engineering, automotive and accommodation sectors receive the most spam, according to a new Symantec report.
Kraken, a large and difficult-to-detect botnet that peaked in 2008 and was dismantled by early 2009, is back, and anti-virus solutions are struggling to detect it, according to university researchers.
Researchers at anti-spam firm Red Condor are warning users of malicious emails crafted to look like a legitimate thread of forwarded messages discussing Adobe software vulnerabilities. The thread begins with an email supposedly coming from an employee in Adobe's Risk Management department that warns recipients of a denial-of service-vulnerability and urges them to apply a patch. Adding legitimacy to the campaign, the emails appear to have been forwarded by people of higher positions in the recipient's organization. The messages contain a link to an executable, which has been identified as a trojan. Adobe, in a Wednesday blog post, advised people to ignore the email. — AM
Cybercriminals are leveraging the growing popularity of Google Chrome to spread malware, according to researchers at anti-virus company BitDefender. Virus writers are sending unsolicited emails stating that a new extension of the browser is available. The messages contain a link, which, if followed, directs users to a spoofed Chrome Extensions page that offers a malicious executable. Researchers identified the malware, an ".exe" file instead of a legitimate ".crx" extension, as a trojan that attempts to block access to Google and Yahoo pages and redirect users to fake versions of those sites. — AM
Between now and Sunday, users should be careful not to fall for email ruses capitalizing on the Easter holiday, security firms are warning.
US-CERT warned Friday of a new email scam using the threat of a lawsuit to dupe unsuspecting recipients into installing malware on their machines. First reported by the SANS Internet Storm Center, the phishing messages appear to come from legitimate law firms and are targeting colleges. The email contains a malicious link to a supposed lawsuit, which is being sent "due to a completely inadequate response from your company for copyright infringement." Users are encouraged to ignore the malware-laden email. — DK
Despite awareness around spam, half of email recipients are responding to junk mail messages, according to a survey released this week by the nonprofit Messaging Anti-Abuse Working Group.
Spammers are on the Valentine's Day prowl already, and more ploys are expected, researchers at Trend Micro said Monday.
Alan Ralsky, mastermind of a fraud campaign that delivered tens of thousands of junk mail messages designed to inflate stock prices, was sentenced Monday to 51 months in prison.
There's a new botnet in town. Known as Festi, the network of zombie computers now is responsible for three to six percent of daily spam, or about 1.5 to three billion emails, according to the latest MessageLabs research released Thursday. The botnet, which was responsible for virtually no spam as recent as August, has managed to increase its output by recruiting new zombie computers and delivering significantly more spam from each compromised node. The junk mail typically pushes goods, such as male enhancement pills and jewelery. -- DK
During the third quarter of the year, spam accounted for 92 percent of all email on average, which breaks the previous record-high volume set during the second quarter of 2009.
Facebook has won a $711 million civil action against reputed spammer Sanford Wallace, who may now face prison time as a result.
Researchers at web security firm Websense on Monday warned Facebook users to be on the lookout for a phishing email that attempts to trick them into believing their password was reset, which could lead to their PC being hit with a trojan. The bogus messages, which have been spoofed to make it look like they are coming from Facebook, falsely inform recipients that their password has been changed due to safety concerns. They are encouraged to click on a ZIP attachment to view their new password. However, that file actually contains a poorly detected executable that installs additional malware on the victim's computer and joins it as part of the Bredolab botnet. -- DK
Spammers are using an original tactic to promote advertising content -- they have begun using actual YouTube videos to advertise their goods, according to researchers.
SC Magazine Articles
- Was Spotify breached? Account info shows up on Pastebin
- Report: Ransomware feeds off poor endpoint security
- Over 7M Minecraft mobile credentials exposed after Lifeboat data breach
- PCI DSS version 3.2 release extends multifactor authentication requirement
- New site on dark web offering one-stop ransom services
- DōTERRA breach exposes customer info; including SS, DOB, and addresses
- Federal court bucks trend, rules general liability insurance covers data breach
- The anatomy of a spearphishing scam, or how to steal $100M with a fake email
- Pros examine Mossack Fonseca breach: WordPress plugin, Drupal likely suspects
- PCI DSS version 3.2 release extends multifactor authentication requirement