There’s a zombie invasion going on – and it could have infiltrated your business, your home office, or even the corner of your bedroom.
Of course, it’s not the kind of zombies beloved by the movie theatres but instead the problem of compromised computers being controlled by a remote hacker.
Many members of the public still haven’t understood that spammers don’t use their own PCs to send spam – instead they create botnets of commandeered computers around the globe (also known as “zombies”), which can be used to relay spam, send out malicious links and even launch distributed denial-of-service attacks.
If they did understand the problem, maybe they would put more effort into protecting their computers.
Sophos has today published a new report, revealing the top twelve spam-relaying countries around the world. We call the list the “dirty dozen”, and because virtually all spam is sent from compromised PCs, it’s a pretty good indication of where the botnets have got the tightest hold.
The top twelve spam relaying countries for January – March 2011
|5. S Korea||3.8%|
|6. United Kingdom||3.2%|
Although the USA and UK contribution to the global spam problem has decreased in percentage terms, it is essential for organizations not to become complacent. Financially-motivated criminals are controlling compromised zombie computers to not just launch spam campaigns, but also to steal identity and bank account information.
Computer users must be educated about the dangers of clicking on links or attachments in spam mails – and many computers may already be under the control of cybercriminals. Businesses and computer users must take a more proactive approach to spam filtering and IT security in order to avoid adding to this global problem.
In all, we counted spam being sent from an astonishing 229 countries around the world during the first quarter of 2011. So everyone, no matter where they live, should be taking more care of their personal computer’s protection.
For as long as spam continues to make money for the spammers, it will continue to be a global problem. Too many computer users are risking a malware infection that sees their computer recruited into a spam botnet. To combat the spammers, it’s not only essential for computer users to run up-to-date security software, they must also resist the urge to purchase products advertised by spam.
So, don’t add to the statistics, do your bit in the fight against spam and don’t allow your computer to become a zombie.
Keeping your security patches up-to-date, your anti-virus defences in place and having a good helping of common sense can help prevent your computer from being recruited by the bad guys.
Source :- http://nakedsecurity.sophos.com
Here’s a typical message:
Free Subway Gift Cards - Limited Time
Get Your Free Subway Gift Card Now! Click for Details
So, what’s going on here? Well, the first thing to realise is that it’s not something endorsed by Subway.
Although the link you click through to has no qualms about using Subway’s logo, and images of meals you can purchase at Subway, it’s actually from an independent third party company.
Many people will probably be so keen to receive $100 worth of Subway meals that they won’t read the small print at the bottom of the page:
The above listed merchants or brands in no way endorse or sponsor FreeGiftCardSon.us's offer and are not liable for any alleged or actual claims related to this offer. The above listed trademarks and service marks are the marks of their respective owners.
FreeGiftCardSon.us is solely responsible for all Gift fulfillment. In order to receive your gift you must: (1) Meet the eligibility requirements (2) complete the rewards bonus survey (3) complete a total of 5 Sponsor Offers as stated in the Gift Rules (4) not cancel your participation in more than a total of 2 Sponsor Offers within 30 days of any Sponsor Offer Sign-Up Date as outlined in the Gift Rules (the Cancellation Limit) and (5) follow the redemption instructions.
The pages ask you some simple and apparently harmless questions (are you male or female, which age group do you fall into, etc.) before asking for your email address.
At this point the page tells you that you must post the message onto your Facebook page in order to qualify for the free $100 Subway gift card.
In this way the message is spread virally to your Facebook friends.
But there’s still no sign of your free Subway gift card, because the site now wants you to hand over much more personal information, including your name, address, email address, full date of birth, cellphone and telephone number etc.
Again, notice that the webpage doesn’t seem to have any issue with using the Subway logo – despite not being affiliated with Subway. Clearly this is done in an attempt to trick Facebook users into believing that they are talking directly to the high street brand.
According to the small print, you’ll have to complete multiple “sponsor offers” before they will even consider sending you a gift card – which may cost you not only time and money, but also the sheer treasure trove of personal information you will have handed over.
Sophos advice? Avoid these “offers” as they’re unlikely to ever prove fruitful, and may result in you handing over a wealth of data about yourself to complete strangers. When you agree to post a message about such gift cards on Facebook, you are putting your online friends at risk of having their privacy damaged too.
Source :- http://nakedsecurity.sophos.com
The report, made public on Tuesday, is based on a survey of 2,089 members of a TNS interactive consumer panel. Using that sample, the magazine was able to estimate that more than 5 million Facebook users are 10 years old and younger, making up the bulk of the 7.5 million figure. Facebook’s terms of service require users to be at least 13 years old. To join, though, users merely have to enter their supposed birth dates when they sign up.
But Facebook’s screening requirements for minors may be a moot topic. In a statement, Jeff Fox, technology editor for Consumer Reports, said the majority of parents of kids 10 and under “seemed largely unconcerned by their children’s use of the site.”
Reps from Facebook could not be reached for comment.
This isn’t the first time Facebook’s policies on minors have been called into question. A class action suit filed in August in Los Angeles alleged that Facebook’s “Like” button triggered instances in which minors were endorsing products without their parents’ consent.
Source :- http://mashable.com
GagaVille, a uniquely designed neighboring farm to FarmVille, that sports unicorns and crystals, according to Zynga, launches May 17. GagaVille visitors will get a first listen to unreleased songs from Gaga’s album Born This Way, available May 23. The full album also comes bundled as a free download when you buy a $25 Zynga game card at Best Buy.
The deal also includes a “Words With Gaga” contest in Zynga’s mobile Words With Friends game. Playing the designated Gaga word of the day — which will be announced on Gaga’s Facebook Page each day — will give players the chance to win concert tickets and a signed copy of Born This Way. Zynga is also giving players limited edition Lady Gaga virtual items on RewardVille that can be used across Zynga games.
Such a deal had been predicted after Gaga and Zynga collaborated on an earthquake relief effort for Japan in March. Last month, The Wall Street Journal reported that Zynga and Gaga were in discussions about a tie-in effort.
Source :- http://mashable.com
Skype will be integrated into Microsoft devices and systems such as Xbox and Kinect, Xbox Live, the Windows Phone, Lync and Outlook, Microsoft said in a statement. The company has pledged to continue supporting and developing Skype clients on non-Microsoft platforms as well.
The deal, which was spearheaded by Microsoft CEO Steve Ballmer with assistance from Charles Songhurst, the company’s head of corporate strategy, was completed Monday evening, AllThingsD reported earlier.
The acquisition is an expensive one for Microsoft. Not only is it the largest price Microsoft has paid for a company in decades, Skype is not yet profitable. Despite revenues totaling $860 million last year and operating profits of $264 million, the company lost $6.9 million overall, according to documents filed with the SEC. And the company carries $686 million in debt.
Much of the company’s appeal rests in its large user base of 663 million, 145 of which use Skype monthly (Update: Microsoft says Skype has 170 million regular users), and 8.8 million of which are paying customers.
There is one clear set of winners here: Skype’s investors. A group including Silver Lake, Index Ventures, Andreessen Horowitz and the Canada Pension Plan (CPP) Investment Board purchased the company from eBay for $2.75 billion in September 2009.
In August, Skype filed for an IPO but put plans on hold after Tony Bates joined the company as CEO in October. Bates will take on the title of president of the Microsoft Skype Division and report directly to Ballmer.
Source :- http://mashable.com
The study looked at Nielsen data from the 25 news websites with the highest number of unique monthly visitors. About 35% to 40% of traffic to the sites came from links on other sites, as opposed to readers typing in a URL directly or clicking to another page on the same site.
Unsurprisingly, Google dominated this referral traffic. On average, the company’s search and news products accounted for about 30% of all clicks. But Facebook also referred a significant percentage of each site’s audience.
“These percentages represent only a fraction of the traffic coming from Google,” says the study. “But they make Facebook an influential and probably growing force. As Nielsen’s numbers show, few domains affect audiences this much.”
For all its success at breaking news, Twitter did not have the same effect. The site with the highest percentage of traffic from Twitter, The Los Angeles Times, could only credit the micro-blogging platform with 3.53% of its traffic. Twitter referred a much smaller percentage of traffic to other sites in the study.
Part of the discrepancy between Facebook and Twitter referrals is their disparate user bases. Facebook has more than 500 million users while Twitter has 200 million accounts — many of them inactive.
But referral clout is not just a question of user numbers. The Drudge Report, a veteran news aggregation site, was the second or third ranked referral site to more than half of the sites studied. For example, the Drudge Report provided more than 30% of traffic to British newspaper The Daily Mail, 19% of traffic to the New York Post, 15% to The Washington Post, and 11% to the Boston Globe.
Source :- http://mashable.com
A couple of weeks ago Sophos explained why you shouldn’t reveal your Royal Wedding guest name. Now Sophos have to warn you that celebrating Mother’s Day can lead to you giving away too much personal information about your children.
Here’s a message which has been passed around on Facebook for a few days:
See what they’ve done? They’ve told me the name of their children and their precise date of birth. And I’m not even friends with them, they’ve left their profiles open for the entire world to see because they haven’t followed best practice guidelines for Facebook privacy settings.
And – don’t forget – when you share a piece of information with everyone on Facebook, that actually means the entire internet for ever. This information by itself may not be enough to commit identity theft against your child, but it’s a stepping stone for fraudsters which can help them.
You shouldn’t post this kind of personal information onto the internet – tell people you love your children and are proud of them without revealing their full names or dates of birth.
If you use Facebook and want to learn more about threats, you should join the Sophos Facebook page where we have a thriving community of over 80,000 people.
Source :- http://nakedsecurity.sophos.com
Another rogue application is spreading between unsuspecting Twitter users, claiming to tell you how many hours you have spent on the network.
The messages all look pretty similar, and use a currently trending topic such as Richard Dawkins, Cheryl Cole landing the job of a judge on the US edition of “X Factor”, or it being Mother’s Day in the United States.
Richard Dawkins --> I have spent: 23.8 hours on Twitter! See how much you have: [LINK]
#zabecca --> I have spent: 20.9 hours on Twitter! See how much you have: [LINK]
Vidal Sassoon --> I have spent: 33.4 hours on Twitter! See how much you have: [LINK]
#5factsaboutmymom --> I have spent: 33.4 hours on Twitter! See how much you have: [LINK]
Even though you may have seen one of your friends tweet out a message like this, you definitely shouldn’t click on the link. It will take you to a rogue third-party application which asks your permission to connect with your Twitter profile.
If you do authorise the app it will be able to post messages to Twitter in your name, see who you follow on Twitter, grab your Twitter name and avatar, and update your profile. Now, why on earth would you want to give a complete stranger the ability to do that?
Unfortunately, you may be so desperate to find out how many hours you have spent on Twitter (after all, your friends appear to have already been through the process) that you will authorise the application.
Whereupon, the rogue application will tweet the offending message from your Twitter account. When I went through the process on a test Twitter account I run, I found that it tweeted out the message more than a dozen times in less than 30 seconds.
You may not realise that this is happening, however, as the app is distracting you with a message saying it is processing your results. After some whirring away, it asks you to enter your email address to have your results sent to you.
Stop right there! (if you haven’t already). Are you seriously going to give these complete strangers access to your email address too? They already know your Twitter account name, and can post to your Twitter page – now they’ll be able to email you as well!
I don’t know what the scammers plan to spam out to you, and it could – of course – be weeks or months before they do, but if you want to find out more follow me on Twitter at @gcluley.
If you were unfortunate enough to grant a rogue application access to your Twitter account, revoke its rights immediately by going to the Twitter website and visiting Settings/Connections and revoking the offending app’s rights.
Don’t make it easy for scammers to make money in this way, and always exercise caution about which third party apps you allow to connect with your social networking accounts.
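A detection sketch for the campaign described above, added here as an example and not part of the original article: it reduces each tweet to a template by stripping the trending-topic prefix, the hour count and the link, then flags accounts that post the same template more than a dozen times in under 30 seconds, and templates shared by several accounts. The account names, timestamps, thresholds and function names are constructed for illustration.

```python
import re
from collections import defaultdict, deque

# Thresholds mirror the behaviour reported in the article: the rogue app
# tweeted "more than a dozen times in less than 30 seconds".
BURST_COUNT = 12
BURST_WINDOW_SECONDS = 30

URL_RE = re.compile(r"https?://\S+|\[LINK\]", re.IGNORECASE)
NUMBER_RE = re.compile(r"\d+(?:\.\d+)?")
# The campaign prepends a trending topic and an arrow to a fixed body.
PREFIX_RE = re.compile(r"^.*?-->\s*")


def template_of(text):
    """Collapse a tweet to its invariant skeleton so that variants which
    differ only in topic, hour count or link compare equal."""
    body = PREFIX_RE.sub("", text.strip(), count=1)
    body = URL_RE.sub("<url>", body)      # links first, so digits in URLs vanish
    body = NUMBER_RE.sub("<n>", body)
    return re.sub(r"\s+", " ", body).lower()


def find_bursts(tweets, count=BURST_COUNT, window=BURST_WINDOW_SECONDS):
    """tweets: iterable of (account, unix_time, text).
    Returns {account: template} for accounts that posted one template
    more than `count` times within `window` seconds."""
    recent = defaultdict(deque)           # (account, template) -> timestamps
    flagged = {}
    for account, ts, text in sorted(tweets, key=lambda t: t[1]):
        key = (account, template_of(text))
        stamps = recent[key]
        stamps.append(ts)
        while ts - stamps[0] >= window:   # drop timestamps outside the window
            stamps.popleft()
        if len(stamps) > count and account not in flagged:
            flagged[account] = key[1]
    return flagged


def shared_templates(tweets, min_accounts=3):
    """Templates posted by at least `min_accounts` distinct accounts: the
    'my friends are all tweeting the same thing' signal."""
    accounts = defaultdict(set)
    for account, _ts, text in tweets:
        accounts[template_of(text)].add(account)
    return {t: sorted(a) for t, a in accounts.items() if len(a) >= min_accounts}


def sample_tweets():
    """Constructed sample data; accounts, times and hour counts are invented."""
    topics = ["Richard Dawkins", "#zabecca", "Vidal Sassoon", "#5factsaboutmymom"]
    body = "I have spent: {h} hours on Twitter! See how much you have: [LINK]"
    tweets = []
    # Account that authorised the app: 13 templated tweets, two seconds apart.
    for i in range(13):
        hours = f"{20 + i / 10:.1f}"
        tweets.append(("victim_account", 1000 + 2 * i,
                       topics[i % 4] + " --> " + body.format(h=hours)))
    # Two friends who each posted the lure once.
    tweets.append(("friend_a", 1005, "Vidal Sassoon --> " + body.format(h="33.4")))
    tweets.append(("friend_b", 1090, "#zabecca --> " + body.format(h="20.9")))
    # Benign fast poster: many tweets, but every one has different wording.
    words = ("alpha bravo charlie delta echo foxtrot golf hotel "
             "india juliet kilo lima mike").split()
    for i, word in enumerate(words):
        tweets.append(("live_blogger", 1000 + i, "Conference notes: " + word))
    return tweets


if __name__ == "__main__":
    data = sample_tweets()
    for account, template in find_bursts(data).items():
        print("burst:", account, "->", template)
    for template, accounts in shared_templates(data).items():
        print("shared:", template, "<-", ", ".join(accounts))
```

The fast but varied `live_blogger` account is left alone because the check keys on repeated wording, not on posting rate alone.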
Source :- http://nakedsecurity.sophos.com
The shots that took down Osama bin Laden were shots heard ’round the Twitterverse. A mind-boggling record of 12.4 million tweets per hour (5,106 tweets per second around the time of President Obama’s speech) helped to place all topics connected to the biggest news story of the year at number one this week.
It should be noted that despite the intensity of the bin Laden news, the Royal Wedding did come in at a close second.
To see the full list, check out the chart below. Because this is a topical list, hashtag memes and games have been omitted from the chart. The aggregate is based on Twitter’s own trending algorithm, and does not necessarily reflect raw tweet volume.
You can check past Twitter trends in our Top Twitter Topics section.
Top Twitter Trends This Week: 4/29 – 5/5
Osama bin Laden
|Al Qaeda leader Osama bin Laden was killed by a small team of Navy SEALs in Abbottabad, Pakistan. President Obama announced the news late Sunday night (ET).|
|Prince William and Catherine Elizabeth “Kate” Middleton were married on April 29, 2011 at Westminster Abbey.|
Harry Potter Movie/Book Series
|On Twitter, Harry Potter fans were talking about Luna Lovegood, Neville Longbottom, Molly Weasley, Severus Snape, Hermione Granger, Bellatrix Lestrange, Fred Weasley and Sirius Black.|
|Justin Bieber accidentally tweeted #pssst when he was trying to tweet #pissed instead, thus causing this to trend. People are tweeting secrets to one another or showing reasons why someone is “pissed.” Users asked their followers if they prefer Justin Bieber or Bruno Mars.|
|Much discussed football topics include Sunday’s upcoming Manchester United vs. Chelsea match, Lionel Messi, the retirement of Sami Tuomas Hyypiä, the Queens Park Rangers fault, the Champions League match Manchester United v Schalke and the Derby between two massive soccer clubs from Brazil: Grêmio Foot-ball Porto Alegrense and Sport Club Internacional.|
Star Wars Day
|Science fiction fans celebrated Star Wars on the 4th of May, tweeting the phrase “May the Fourth be with you!”|
|Lady Gaga fans were excited about the release of “Judas,” her latest music video. And it’s not clear how or when it started, but users are tweeting “Lord Voldemort + Lady Gaga = Lord Gaga.”|
|On Thursday, R&B singer Chris Brown turned 22 years old and his fans sent him good wishes.|
|Fans were most vocal about the Miami Heat meeting the Boston Celtics in the NBA Conference Semi-Finals. Derrick Rose of the Chicago Bulls was announced the winner of the Maurice Podoloff Trophy as the 2010-11 Kia NBA Most Valuable Player Award.|
|Indonesian Tweeters were excited over an announcement that the band Owl City would be playing a concert in Jakarta on October 28. Also, fans were saying how much they liked the Owl City song “Vanilla Twilight.”|
Data aggregate courtesy of What the Trend.
Source :- http://mashable.com/
Even more embarrassing was the fact that the stolen information was published on a Sony web server that reportedly is part of Sony Electronics.
The information disclosed contained names and partial addresses of Sony customers who had participated in a 2001 sweepstakes. Sony’s comment is as follows:
“The website was out of date and inactive when discovered as part of the continued attacks on Sony,”
This appears to be a partial repeat of what they disclosed in their second statement acknowledging that Sony Online Entertainment had been compromised. “Don’t worry it was old data on a forgotten server.”
I spoke with John Moe from Marketplace Tech Report on National Public Radio (NPR) last Wednesday. We discussed how long most organizations keep this kind of information and whether there are any regulations requiring it to be protected or deleted.
In an organization as large as Sony the hackers targeting them may be able to continue to find low hanging fruit… Unpatched old equipment at any of the various Sony subsidiaries could continue to embarrass Sony publicly.
Meanwhile, Sony Playstation Network users are starting to get quite impatient as they await the return of the online gaming service.
In this case Sony is certainly doing the right thing. It is better to be offline and identify what must be done to return the service to a secure state than to simply turn it back on and allow attackers to target even more data.
Remember arcades? You can “chat” while competing and you even might see the sunshine when you leave the house. It will be okay gamers, soon enough you will be able to return to your couches.
Source :- http://nakedsecurity.sophos.com