Unsolicited email was first considered a bit of joke earning the jocular name of spam. However, as the spam volumes rose to epidemic proportions what was a minor crisis in the life of an IT professional soon snowballed into a major crisis. Factual figures estimate that spam amounts to nearly 95 percent of all emails. According to Jupiter Research reports, the active email consumer received a shocking 3253 pieces of spam in 2005.

This matter has to be taken up seriously these days. The daily flood of junk email has an adverse effect on the corporations by clogging their networks and filling up mail server bandwidth. It can also act as a gateway for serious network related threats such as Trojans, viruses, worms, and phishing scams that penetrate corporate networks. The cost of spam not just involves the cost of providing the extra bandwidth but also encompasses all the IT Departments protecting their organizations from the various threats as just seen.

Spam is a driving force behind the increasing number of data breaches in the corporate world. The impact of international awareness and the enforcement of anti-spam laws in countries like USA have forced the spammers to shift their operations to countries where the law is less regulated. According to the IT security firm Sophos, the spam operators are working hand in glove with hackers and virus’ writers with 60 percent of all spam coming from computers infected with malware. According to Webroot Software’s State of Spyware report 2005 was considered as the biggest year yet for spyware.

Apart from just the security threats the firms face from spam, there are concerns that are even more serious the firms face. In today’s world where corporate ethics matter a lot, firms are increasingly accountable for the actions of their employees. Any offensive message from a disgruntled employee can tarnish the name of the organization. Since there can be no definitive solution, the only way to reduce the threats of the email related threats is to deploy ever more sophisticated server side filtering to filter out spam and malicious emails from reaching the network.

A survey of Bank of Scotland (BoS) has found that about 37% of UK small firms were badly hit due to unsolicited spam, viruses, and faxes. The study has found that though the cost of minor data losses and firewalls is less than 1000 Pounds a year for two-thirds of small firms a full-scale virus attack can be terminal on entrepreneurs on tight budgets. For over fifty firms polled, it was found that there was one firm approximately, for which the cost of the viruses exceeded 10,000 Pounds a year. A further 40 percent of the managers claimed that junk email significantly added to their costs, while one in ten lost an estimated 10,000 Pounds a year through lost productivity and purchasing email filtering systems. Though laws have come up which state that individuals are not allowed to send emails or any other means of communication without prior permission, these are valid only in the UK and did not provide any help in reducing the flood of spam in the USA.

According to Eddie Morrison of BoS computer viruses are clearly one of the scourges of our business age. He observes that it has become increasingly easy for small firms to be bombarded with multiple unsolicited emails and faxes for advertising and other purposes.

Small firms are even more vulnerable to spam with a junk of them still without a junk email policy. The research conducted by Clearswift has found that 34 percent of small companies do not have measures in place to combat spam, while a further 57 percent of firms with a policy of not communicating about it to the staff.

As Scareware threats are on rise, millions of Internet users are falling prey to the Scareware scams.

Scareware adopts bogus sales tactics that are designed to scare a user into believing that his or her computer contains critical errors or viruses that have to be fixed immediately. Scareware ads offer an instant solution to the so-called problems on the computer and come for a price. In some cases, this software is harmless – while in others – it is actually a malware or another spyware. The ad might pop up anytime when surfing the web. The ad may open a pop-up window leading people to believe that the message is triggered by their own Operating System. The message claims that the consumer’s computer is infected with a virus and may require a “fix” and that clicking on “OK” would take the user to the download site from where the user could purchase the “fix”. By luring the victims to buy the software, the perpetrators may even steal sensitive information such as credit card details of the victim and these details may be sold to black market forums.

As of June 2009, over 250 rogue programs had been detected by Symantec in a study, which spanned over June 2008-09. Bogus security software could be freely available, may cost up to US$100 or come in a trial version. They may be installed manually by the user or when he opens an attachment or while surfing through a malicious website. Scareware can also be unknowingly advertised on legitimate websites such as social-network sites, forums, blogs, and appear in search engine results that are sponsored by cyber criminals. These crooks also hire sales representatives to sell their products who earn an average of US$23,000 a week. They are paid for every installation they make and even get bonuses like electronic gadgets and luxury cars.

Another tactic of Scareware is scaring users with unanticipated images, sounds or video. This is known as Prank software. An example of this kind of software is “NightMare”, which when executed lies dormant for some amount of time, finally changing the entire screen of the computer to an image of a skull while a horrifying shriek is played on the audio channels.

Many cases have been filed against the perpetrators of such sites and they have been asked to pay for the damages caused by them. In 2005, Microsoft and Washington State successfully sued Secure Computers for US$1million over charges of using scareware pop-ups. Various regulatory bodies like the US Federal Trade Commission are taking an active part in trying to put an end to this menace.

However, it is your responsibility to be aware of these things and avoid being trapped.

As we are aware of the recent issue with a few thousands of emails, lets see how some of these scammers have used the emails they hacked into.

The following email was sent to a small business support’s email id for financial gain from a@gmail.com – an email id belonging to their client.

“I’m sorry for this odd request because it might get to you too urgent but it’s because of the situation of things right now, i’m stuck in New York City with family right now, we came down here on vacation , we were robbed, worse of it is that bags, cash and cards and my cell phone was stolen at GUN POINT, it’s such and crazy here in london , i need help flying back home, the authorities are not being 100% supportive but the good thing is we still have our passport but dont have enough money to get on flight ticket back home, please i need you to loan me some money till im back home to pay back , i will refund you as soon as i’m back home, i promise , all we need is $800”

The issue looked genuine. The only odd thing was that it was sent as ‘BCC’ (undisclosed recipients). However, the email was from the client’s id.

The following reply was sent to the email id of the client.

“Not a problem. Please let us know what we need to do.”

Then this person got suspicious and sent this message immediately.

Is there a number we can reach you?

Within 10 minutes there was a reply from the email id as follows…

“Well I’ll can’t access any cell right here , all i need is $800 more to complete my ticket fee right now , I can get it back to you as soon as im back home , You can wire me the money via western union , You only need my name and the country name here , I still have my passport ID to pick up the money here

Name : First Lastname
Country Name : New York, United State of America

Thats all you need , You got it right ?”

This is a tricky situation as you don’t want to be seen as unsupportive when a client is in genuine trouble. Thus, the business was willing to send the money. However, they called the client’s mobile in the U.S and he answered – making it clear that the email was not sent by him. If it wasn’t answered they were all set to send the money, since, they were not aware of anyone being fooled in this way before. The business wanted to widely circulate this to prevent people from being fooled this way.

Mozilla Firefox is a popular browser used by millions of Internet users all around the world. The coolest feature of Mozilla Firefox is its compatibility to add more and more plugins and enable yourself with advanced browsing.

However, we need to update our plugins as soon as a new version is available. Updates of these plugins will not only cover new features of the plugin, but also will address some vulnerability to security threats during browsing. Many people ignore it as it takes little time (a matter of no more than 2 minutes) for the plugin to update and restart the browser. This increases their risk to security threats online like malware, viruses, botnets, etc.

How to check if your plugin is up-to-date? Just click here or copy paste this URL in your browser https://www-trunk.stage.mozilla.com/en-US/plugincheck/.

The window that opens will let you know the status of your plugin.

• Green indicates that your plugin is up-to-date.
• Yellow indicates outdated but without known vulnerabilities.
• Red indicates that the plugin is known to have security holes and is outdated.
• Don’t worry about the Grey colored plugin.

Update your plugin frequently for safe and better browsing.

Email users can help reduce the spam outflows in the Internet. When a user signs up for something online, he should be careful while checking checkboxes and must not check checkboxes for additional offers. Else, he will receive email from partners of the site he signed up at. It is advisable to use freebie accounts to fight spam. Create a few freebie accounts, direct them to your main account, and use those freebie accounts to sign up for something online. If an account is spammed disable or abandon it. One word of caution: Never use your primary email address to sign up for anything. At the very least a user should use three accounts: one for business, one for personal stuff and another for online shopping .

There are many freebie accounts available in the market today, the primary of which are AOL/AIM, AOL My eAddress, Excite, Fast Mail, Google Mail, Goowy, Hotmail/MSN Inbox, Lycos, MyWay Mail, Rock.com, and Yahoo!

If a user plans to use a freebie account as his main account, it is recommended that he use Gmail. Google Mail is arguably the most productive well thought out free email offering available, with highly efficient spam filters, loads of disk space for messages, and has Google with third party plug-ins to increase productivity.

There are also expendable email address services that have more selective disabling features than regular free email accounts. Having your own domain might include 50 to 100 email addresses as part of your hosting package. You can use these addresses for newsletter or shopping sign ups and redirect each account to a main account.

Whatever you may go about doing, never publish your main email address anywhere online. You can use freebie accounts, which can be dropped when necessary. Use a CAPTCHA image based code to separate spambots from human visitors. Encode your email address like me*AT#hotmail#DOT*COM so that humans can easily read them.

Few of the ISPs add junk mail header status information to messages passing through their mail servers. If the email client is suitable, you can write a “filter rule” to ditch any message whose header includes “X-Spam-Status:Yes”. The disadvantage is that there could be false positives on spam needing you to check the spam folder on a weekly basis.

You can also write your own command line email filters in a scripting language like Perl or Python; both of which have superior regex pattern matching abilities. Write a program to grab your email (copies) off POP or IMAP email servers. Build a frequency table for the keywords by saving the IPAddress information for each message. If the data is saved for long term profiling keep the spam information in a separate database. If some words in the message raise flags, compare their frequency counts against other words. This step should be manual until you build up long-term profiles. If its spam, delete the original copy of your mail server. An Operating System like Linux gives you the facility to integrate custom filters into your email client.

Windows 7 OS is scheduled to be available to the public market in just over a month. There are many doubts and apprehensions about the capability of this OS as its earlier version Vista is a failure. It seems Microsoft has given enough weight this time to what the Windows users really wanted – a simpler and friendly OS. Windows 7 has some novel features while improving the older ones. Moreover, some flop features in Vista are removed from Windows 7 to improve the performance.

There are some advantages along with disadvantages of opting to Windows 7. The following information may help you in deciding whether you really need to upgrade to Windows 7-

Reasons to switch to Windows 7

1. Application compatibility can be achieved by “Windows XP mode” by running virtual windows XP machine.
2. Windows live essentials: It is a free software that make possible to do more things like instant messaging, e-mail, photo editing, and blogging.
3. Improved search operation performance, as results will come instantly as categorized in groups. Moreover, key words are highlighted enabling easy file identification.
4. Supports 64-bit PC that can handle huge amounts of information than a 32-bit system.
5. Power management can be efficiently done by new features such as, running less number of background activities, automatic screen dimming, unused ports are not run and life indicator to battery.
6. Multi touch technology allows to use more than one finger while operating the touch screen either at application level or system level.
7. Protect files with features such as “Use Bit Locker” and “Bit Locker To Go”
8. Continuous access to corporate resources with a broadband connection. No need to get a VPN (Virtual Private Network) connection.
9. The feature “Domain Join” allows to connect multiple PCs, with or without a server.
10. Supports 35 languages. So, you can easily switch among them by logging off, again logging on. Moreover, it supports handwriting recognition.
11. System startup, shutdown and resumes are faster.
12. Appearance of the desktop has improved by including fresh wallpapers, retooled task bar and improved gadgets
13. Easy data sharing between two or more PCs by using “Share with” option.
14. Windows 7 can read larger than 131 GB hard drive (unfragmented).
15. Upgrading Vista to Windows7 will get 223% better performance while running IE8.
16. In Action Center you can find information you need regarding system maintenance, trouble shooting, security issues etc.

Reasons to avoid Windows7

1. Older PCs doesn’t have hardware compatibility to achieve ‘Windows XP mode’.
2. Windows7 provides less battery life to the notebooks than Windows XP.
3. Need to do clean install if you want to upgrade from XP to Windows7.
4. If you’re an XP user you need to learn a new user interface.
5. Runs the browser 11.5% slower than Windows XP.
6. Requires high configuration like Vista.
7. Very expensive to buy.

Comparison of System Requirements:

These descriptions and features will help you in learning ins and outs of Windows 7. Windows 7 has fixes to the drawbacks in Vista and it is desirable to move to the new OS. For the XP users, you may need to think twice before moving to Windows 7. Ultimately it is you to decide based on your computer usage and requirements.

PS: Click here to view the the original context of this post.

Related Links:
Wan optimization

The criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication is known as Phishing.

Types of Phishing

Phishing is usually carried out by email or instant messaging and it often directs users to enter details at a fake website, which is similar to the legitimate one. Since the fake website is similar to the original one, it requires tremendous skill to determine whether a website is fake or not.

1. Misspelled URLs: Phishers use some sort of deceptive techniques, which design a link in an e-mail (and the spoofed website it leads to) apparently belong to the spoofed organization by using misspelled URLs or of sub-domains. Sometimes the phishers make the anchor text for a link appear to be valid, whereas the link actually goes to the phishers site.
2. Whaling: Phishing attacks directed specifically at senior executives and other high profile targets within businesses is known as Whaling.
3. Image Phishing: Phishers have also used images instead of text to make it difficult for anti phishing filters.
4. Cross site scripting: An attacker can even exploit flaws in the original website’s script against the victim making it even more difficult to detect since everything from the web address to the security certificates seem to be original. This technique is known as cross site scripting.
5. Phone Phishing is the case where in a customer gets a call asking him to call back to discuss his problems while accessing his bank accounts. The person then is trapped into giving his sensitive information such as credit card information and the like.

Measures to counter phishing

People need to change their browsing habits when it comes to phishing. For example, when asked to reveal their sensitive information they should directly contact the company to make sure the mail is genuine and shouldn’t fall prey to mails that address them as “Dear Customer”. Paypal, for instance makes it a point to address the users by their usernames.

One of the major flaws of the user is the Click-through syndrome where he treats any pop-ups as a case of misconfiguration and proceeds with his work without heeding to the warning of the computer.

McAfee says that searching for Yuvraj and Aishwarya in the cyberspace can damage one’s PC. The research from McAfee on India’s glamorous celebrities from the world of cinema, cricket and politics to reveal the most risky celebrities on the web, has rated Yuvraj and Aishwarya on top.

Fans searching for ‘Yuvaraj Singh wallpapers’, ‘Yuvraj Singh downloads’, ‘Yuvraj Singh photos’, or ‘Aishwarya Rai wallpapers’, ‘Aishwarya Rai videos’, and ‘Aishwariya Rai screen savers’ have a one in five chance of landing at a website that’s tested positive for online threats, such as spyware, adware, spam, phishing, viruses and other malware.

Spammers and malware authors are cashing on the search terms for latest celebrity news and download to lure people to open their malicious websites.

The other celebrities in the list are M. S. Dhoni, Namitha, Shriya Saran, Harbhajan Singh, Sania Mirza, Asin, Bipasha Basu and Shahid Kapoor.

IBM’s X-Force 2009 Mid-Year Trend and Risk Report says that there has been a tremendous increase of 508% in malicious web links over Internet during first half of 2009. The malicious content was found even on trusted sites, including search engines, blogs, bulletin boards, personal websites, online magazines and mainstream news sites.

“There is no such thing as safe browsing today and it is no longer the case that only the red light district sites are responsible for malware. We’ve reached a tipping point where every Web site should be viewed as suspicious and every user is at risk. The threat convergence of the Web ecosystem is creating a perfect storm of criminal activity,” says X-Force Director Kris Lamb.

“The trends seem to reveal a fundamental security weakness in the Web ecosystem where interoperability between browsers, plugins, content, and server applications dramatically increase the complexity and risk. Criminals are taking advantage of the fact that there is no such thing as a safe browsing environment and are leveraging insecure Web applications to target legitimate Web site users.”

Highlights of the report include:
Vulnerabilities rate decreases by 8%
The number of new vulnerability disclosures in the first half of 2009 was 3,240, an eight percent decrease over the first half of 2008. This is at the lowest level in the past four years. The number of new, high severity vulnerability disclosures is down by nearly 30 percent in comparison to 2008. Sun replaces Microsoft as the top spot of vendor with the most vulnerability disclosures. When it comes to OS vulnerabilities, Sun Solaris surpassed Apple in terms of new OS disclosures.

Spam and Phishing
In the first half of 2009, 66 percent of phishing was targeted at the financial industry, down from 90 percent in 2008. Online payment targets make up 31 percent of the share. Analysts believe that banking Trojans are taking the place of phishing attacks geared toward financial targets. Online payment targets now make up 31 percent.

Malicious websites continue to flourish
The overall number of countries with at least one malicious link has significantly increased, up 80 percent over the entire year of 2008. The number of new malicious Web links increase by 508%. Malicious websites are opting new techniques to entice users to click on malicious links. Apart from Gambling and Pornography, Search Engines and Social Media Web sites like blogs and bulletin boards are also in the top categories of Web sites compromised or simply abused by attackers to host malicious links.

Trojans continue to take up a greater percentage of new malware
Trojans continue to take up an even greater percentage of the new malware discovered this year. They have increased by 9%, comprising 55 percent of all the new malware discovered in the first half of this year in comparison to 46 percent in 2008. Information-stealing Trojans are the most prevalent malware category.

Trends of Unwanted Internet Content
The report says that Unwanted or “bad” Internet content is associated with three types of Web sites: adult, social deviance and criminal. About 8% of current Internet comprises of unwanted content.

Conficker conflict
“Conficker was created by the cybercriminals as a platform for mass distributing any executable content they want – it can be an updated version of Conficker, and more importantly monetize this distribution platform by distributing other types of malware.

Blended threats such as Conficker will try to infiltrate systems using a number of possible means. Computers protected by weak passwords, unsecured shares and without latest security updates are more likely to be infested with Conficker worm. Infected removable devices (USBs and external hard drives) have high possibilities of spreading it.

This recent report from IBM exposes the dramatic increase in vulnerabilities and threats over Internet. It is a major concern this time where a vast percentage of businesses are shifting to Internet for transactions like marketing, selling, providing services, payments, etc. It also puts millions of internet users at stake. It is high time for online businesses and internet users to get aware of these threats and precautions.
Related Links:
Automotive marketing

An email pretending to offer even to pay the flight ticket to US along with VISA and accomodation, is very rare to find. The new VISA lottery scam email interestingly has all these features. This scam email offers you a single visa for about 980 USD and a family visa for 1520 USD. A flight ticket along with accommodation in US! Very enticing, isn’t it?

But, “We advise everybody not to fall for such things because you will be very disappointed,” says Sorin Mustaca of Avira.

According to what he wrote in Avira’s blog

“And now, as usual, comes the funny part, as in any scam attempt we’ve seen.

• Despite the fact that it is mentioned in the picture the “Asia-Pacific agent” for the VISA processing, the contact email addresses are in … Europe. They belong to a free web mail system in the Czech Republic.
• The text is very hard to read because it is full of grammatical mistakes and sentences which don’t make too much sense.”

The image of this scam email is attached below.

Courtesy: Avira Blog.