Top 12 Spam Relaying Countries


There’s a zombie invasion going on – and it could have infiltrated your business, your home office, or even the corner of your bedroom.

Of course, it’s not the kind of zombies beloved by the movie theatres but instead the problem of compromised computers being controlled by a remote hacker.

Many members of the public still haven’t understood that spammers don’t use their own PCs to send spam – instead they create botnets of commandeered computers around the globe (also known as “zombies”), which can be used to relay spam, send out malicious links and even launch distributed denial-of-service attacks.

If they did understand the problem, maybe they would put more effort into protecting their computers.


Sophos has today published a new report, revealing the top twelve spam-relaying countries around the world. We call the list the “dirty dozen”, and because virtually all spam is sent from compromised PCs, it’s a pretty good indication of where the botnets have got the tightest hold.

The top twelve spam relaying countries for January – March 2011

1. USA 13.7%
2. India 7.1%
3. Russia 6.6%
4. Brazil 6.4%
5. S Korea 3.8%
6. United Kingdom 3.2%
7. Italy 3.1%
7. France 3.1%
9. Spain 2.8%
10. Germany 2.6%
11. Romania 2.5%
12. Poland 2.3%
Other 42.8%

Although the USA and UK contribution to the global spam problem has decreased in percentage terms, it is essential for organizations not to become complacent. Financially-motivated criminals are controlling compromised zombie computers to not just launch spam campaigns, but also to steal identity and bank account information.

Computer users must be educated about the dangers of clicking on links or attachments in spam mails – and many computers may already be under the control of cybercriminals. Businesses and computer users must take a more proactive approach to spam filtering and IT security in order to avoid adding to this global problem.

In all, we counted spam being sent from an astonishing 229 countries around the world during the first quarter of 2011. So everyone, no matter where they live, should be taking more care of their personal computer’s protection.

For as long as spam continues to make money for the spammers, it will continue to be a global problem. Too many computer users are risking a malware infection that sees their computer recruited into a spam botnet. To combat the spammers, it’s not only essential for computer users to run up-to-date security software, they must also resist the urge to purchase products advertised by spam.

So, don’t add to the statistics, do your bit in the fight against spam and don’t allow your computer to become a zombie.

Keeping your security patches up-to-date, keeping your anti-virus defences in place and applying a good helping of common sense can help prevent your computer from being recruited by the bad guys.

Source :- http://nakedsecurity.sophos.com

Free Subway gift card spam spreading on Facebook

Sophos received a number of questions from Facebook fans of Sophos regarding messages that have spread across the social network claiming to offer a $100 gift card for the Subway sandwich chain.

Here’s a typical message:


Free Subway Gift Cards - Limited Time

Get Your Free Subway Gift Card Now! Click for Details

So, what’s going on here? Well, the first thing to realise is that it’s not something endorsed by Subway.

Although the link you click through to has no qualms about using Subway’s logo, and images of meals you can purchase at Subway, it’s actually from an independent third party company.


Many people will probably be so keen to receive $100 worth of Subway meals that they won’t read the small print at the bottom of the page:

The above listed merchants or brands in no way endorse or sponsor FreeGiftCardSon.us's offer and are not liable for any alleged or actual claims related to this offer. The above listed trademarks and service marks are the marks of their respective owners.

FreeGiftCardSon.us is solely responsible for all Gift fulfillment. In order to receive your gift you must: (1) Meet the eligibility requirements (2) complete the rewards bonus survey (3) complete a total of 5 Sponsor Offers as stated in the Gift Rules (4) not cancel your participation in more than a total of 2 Sponsor Offers within 30 days of any Sponsor Offer Sign-Up Date as outlined in the Gift Rules (the Cancellation Limit) and (5) follow the redemption instructions.

The pages ask you some simple and apparently harmless questions: are you male or female, which age group do you fall into, etc.. before asking for your email address.


At this point the page tells you that you must post the message onto your Facebook page in order to qualify for the free $100 Subway gift card.

In this way the message is spread virally to your Facebook friends.

But there’s still no sign of your free Subway gift card, because the site now wants you to hand over much more personal information, including your name, address, email address, full date of birth, cellphone and telephone number etc.


Again, notice that the webpage doesn’t seem to have any issue with using the Subway logo – despite not being affiliated with Subway. Clearly this is done in an attempt to trick Facebook users into believing that they are talking directly to the high street brand.

According to the small print, you’ll have to complete multiple “sponsor offers” before they will even consider sending you a gift card – which may cost you not only time and money, but also the sheer treasure trove of personal information you will have handed over.

Sophos advice? Avoid these “offers” as they’re unlikely to ever prove fruitful, and may result in you handing over a wealth of data about yourself to complete strangers. When you agree to post a message about such gift cards on Facebook, you are putting your online friends at risk of having their privacy damaged too.

Source :- http://nakedsecurity.sophos.com

7.5 Million Facebook Users Are Younger Than 13


Some 7.5 million Facebook users over the past year were younger than 13, according to a Consumer Reports survey.

The report, made public on Tuesday, is based on a survey of 2,089 members of a TNS interactive consumer panel. Using that sample, the magazine was able to estimate that more than 5 million Facebook users are 10 years old and younger, making up the bulk of the 7.5 million figure. Facebook’s terms of service require users to be at least 13 years old. To join, though, users merely have to enter their supposed birth dates when they sign up.

But Facebook’s screening requirements for minors may be a moot topic. In a statement, Jeff Fox, technology editor for Consumer Reports, said the majority of parents of kids 10 and under “seemed largely unconcerned by their children’s use of the site.”

Reps from Facebook could not be reached for comment.

This isn’t the first time Facebook’s policies on minors have been called into question. A class action suit filed in August in Los Angeles alleged that Facebook’s “Like” button triggered instances in which minors were endorsing products without their parents’ consent.

Source :- http://mashable.com

Lady Gaga & Zynga Found GagaVille


Two social media heavyweights — Lady Gaga and Zynga — will partner for GagaVille, an offshoot of FarmVille.

GagaVille, a uniquely designed farm neighboring FarmVille that sports unicorns and crystals, according to Zynga, launches May 17. GagaVille visitors will get a first listen to unreleased songs from Gaga’s album Born This Way, available May 23. The full album also comes bundled as a free download when you buy a $25 Zynga game card at Best Buy.

The deal also includes a “Words With Gaga” contest in Zynga’s mobile Words With Friends game. Playing the designated Gaga word of the day — which will be announced on Gaga’s Facebook Page each day — will give players the chance to win concert tickets and a signed copy of Born This Way. Zynga is also giving players limited edition Lady Gaga virtual items on RewardVille that can be used across Zynga games.

Such a deal had been predicted after Gaga and Zynga collaborated on an earthquake relief effort for Japan in March. Last month, The Wall Street Journal reported that Zynga and Gaga were in discussions about a tie-in effort.

Source :- http://mashable.com

Microsoft Acquires Skype for $8.5 Billion


After rumors that first Facebook and then Microsoft were in talks to acquire Skype, the latter announced that it has acquired the VoIP giant for $8.5 billion in cash.

Skype will be integrated into Microsoft devices and systems such as Xbox and Kinect, Xbox Live, the Windows Phone, Lync and Outlook, Microsoft said in a statement. The company has pledged to continue supporting and developing Skype clients on non-Microsoft platforms as well.

The deal, which was spearheaded by Microsoft CEO Steve Ballmer with assistance from Charles Songhurst, the company’s head of corporate strategy, was completed Monday evening, AllThingsD reported earlier.

The acquisition is an expensive one for Microsoft. Not only is it the largest price Microsoft has paid for a company in decades, Skype is not yet profitable. Despite revenues totaling $860 million last year and operating profits of $264 million, the company lost $6.9 million overall, according to documents filed with the SEC. And the company carries $686 million in debt.

Much of the company’s appeal rests in its largest user base of 663 million, 145 of which use Skype monthly (Update: Microsoft says Skype has 170 million regular users), and 8.8 million of which are paying customers.

There is one clear set of winners here: Skype’s investors. A group including Silver Lake, Index Ventures, Andreessen Horowitz and the Canada Pension Plan (CPP) Investment Board purchased the company from eBay for $2.75 billion in September 2009.

In August, Skype filed for an IPO but put plans on hold after Tony Bates joined the company as CEO in October. Bates will take on the title of president of the Microsoft Skype Division and report directly to Ballmer.

Source :- http://mashable.com

For Top News Sites, Facebook Drives More Traffic Than Twitter


Facebook is a more valuable source of traffic to top news sites than Twitter, according to a Pew Research Center study released Monday.

The study looked at Nielsen data from the 25 news websites with the highest number of unique monthly visitors. About 35% to 40% of traffic to the sites came from links on other sites, as opposed to readers typing in a URL directly or clicking to another page on the same site.

Unsurprisingly, Google dominated this referral traffic. On average, the company’s search and news products accounted for about 30% of all clicks. But Facebook also referred a significant percentage of each site’s audience.

The Huffington Post was boosted the most by Facebook referrals, which accounted for 8% of its unique visitors. The New York Times derived 6% of its traffic from the social network.

“These percentages represent only a fraction of the traffic coming from Google,” says the study. “But they make Facebook an influential and probably growing force. As Nielsen’s numbers show, few domains affect audiences this much.”

For all its success at breaking news, Twitter did not have the same effect. The site with the highest percentage of traffic from Twitter, The Los Angeles Times, could only credit the micro-blogging platform with 3.53% of its traffic. Twitter referred a much smaller percentage of traffic to other sites in the study.

Part of the discrepancy between Facebook and Twitter referrals is their disparate user bases. Facebook has more than 500 million users while Twitter has 200 million accounts — many of them inactive.

But referral clout is not just a question of user numbers. The Drudge Report, a veteran news aggregation site, was the second or third ranked referral site to more than half of the sites studied. For example, the Drudge Report provided more than 30% of traffic to British newspaper The Daily Mail, 19% of traffic to the New York Post, 15% to The Washington Post, and 11% to the Boston Globe.

Source :- http://mashable.com

How Mother’s Day Facebook celebrations can lead to identity theft


A couple of weeks ago Sophos explained why you shouldn’t reveal your Royal Wedding guest name. Now Sophos have to warn you that celebrating Mother’s Day can lead to you giving away too much personal information about your children.

Here’s a message which has been passed around on Facebook for a few days:

In honor of Mother's Day...If you are a proud mother re post with the name, birth date, & birth weight of your child/children!


See what they’ve done? They’ve told me the name of their children and their precise date of birth. And I’m not even friends with them, they’ve left their profiles open for the entire world to see because they haven’t followed best practice guidelines for Facebook privacy settings.

And – don’t forget – when you share a piece of information with everyone on Facebook, that actually means the entire internet for ever. This information by itself may not be enough to commit identity theft against your child, but it’s a stepping stone for fraudsters which can help them.

You shouldn’t post this kind of personal information onto the internet – tell people you love your children and are proud of them without revealing their full names or dates of birth.

If you use Facebook and want to learn more about threats, you should join the Sophos Facebook page where we have a thriving community of over 80,000 people.

Source :- http://nakedsecurity.sophos.com

Hours spent on Twitter? Don’t click on scam spreading virally on Twitter


Another rogue application is spreading between unsuspecting Twitter users, claiming to tell you how many hours you have spent on the network.

The messages all look pretty similar, and use a currently trending topic such as Richard Dawkins, Cheryl Cole landing the job of a judge on the US edition of “X Factor”, or it being Mother’s Day in the United States.


Richard Dawkins --> I have spent: 23.8 hours on Twitter! See how much you have: [LINK]

#zabecca --> I have spent: 20.9 hours on Twitter! See how much you have: [LINK]

Vidal Sassoon --> I have spent: 33.4 hours on Twitter! See how much you have: [LINK]

#5factsaboutmymom --> I have spent: 33.4 hours on Twitter! See how much you have: [LINK]

Even though you may have seen one of your friends tweet out a message like this, you definitely shouldn’t click on the link. It will take you to a rogue third-party application which asks your permission to connect with your Twitter profile.


If you do authorise the app it will be able to post messages to Twitter in your name, see who you follow on Twitter, grab your Twitter name and avatar, and update your profile. Now, why on earth would you want to give a complete stranger the ability to do that?

Unfortunately, you may be so desperate to find out how many hours you have spent on Twitter (after all, your friends appear to have already been through the process) that you will authorise the application.

Whereupon, the rogue application will tweet the offending message from your Twitter account. When I went through the process on a test Twitter account I run, I found that it tweeted out the message more than a dozen times in less than 30 seconds.


You may not realise that this is happening, however, as the app is distracting you with a message saying it is processing your results. After some whirring away, it asks you to enter your email address to have your results sent to you.


Stop right there! (if you haven’t already). Are you seriously going to give these complete strangers access to your email address too? They already know your Twitter account name, and can post to your Twitter page – now they’ll be able to email you as well!

Who knows what they might send you? Their plan might be to send you spam, a Trojan horse, or a phishing attack. They even have the cheek to say watch out for the message in your spam folder!


I don’t know what the scammers plan to spam out to you, and it could – of course – be weeks or months before they do, but if you want to find out more follow me on Twitter at @gcluley.

These sorts of rogue applications appear to be popping up more and more on Twitter, whereas previously they were mostly seen only by Facebook users.

If you were unfortunate enough to grant a rogue application access to your Twitter account, revoke its rights immediately by going to the Twitter website and visiting Settings/Connections and revoking the offending app’s rights.

Don’t make it easy for scammers to make money in this way, and always exercise caution about which third party apps you allow to connect with your social networking accounts.
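The behaviour described above (one fixed message template prefixed with a trending topic, tweeted more than a dozen times in under 30 seconds) can be checked for mechanically. The following is an added example, not part of the original article: the (timestamp, account, text) tuple format, the account names and the example.invalid link are constructed, and the thresholds are taken from the test account observation above.

```python
import re
from collections import defaultdict

# Template of the scam tweets quoted in the article:
#   "<trending topic> --> I have spent: <N> hours on Twitter! See how much you have: <link>"
SCAM_RE = re.compile(
    r"^(?P<topic>.+?)\s*-->\s*I have spent:\s*(?P<hours>\d+(?:\.\d+)?)\s*hours on Twitter!"
    r"\s*See how much you have:\s*(?P<link>\S+)\s*$",
    re.IGNORECASE,
)

BURST_COUNT = 12    # "more than a dozen times"
BURST_WINDOW = 30   # "in less than 30 seconds"


def match_scam(text):
    """Return topic/hours/link if the tweet follows the scam template, else None."""
    m = SCAM_RE.match(text.strip())
    return m.groupdict() if m else None


def find_burst_accounts(tweets, count=BURST_COUNT, window=BURST_WINDOW):
    """tweets: iterable of (epoch_seconds, account, text).

    Flags accounts that posted more than `count` template matches inside any
    `window`-second span, which is what an authorised rogue app produces.
    A single matching tweet (for example a curious retweet) is not flagged.
    """
    by_account = defaultdict(list)
    for ts, account, text in tweets:
        hit = match_scam(text)
        if hit:
            by_account[account].append((ts, hit["topic"]))

    flagged = {}
    for account, hits in by_account.items():
        hits.sort()
        start, best = 0, 0
        for end, (ts, _topic) in enumerate(hits):
            # Slide the window start forward until it spans less than `window` seconds.
            while ts - hits[start][0] >= window:
                start += 1
            best = max(best, end - start + 1)
        if best > count:
            flagged[account] = {
                "max_in_window": best,
                "topics": sorted({topic for _, topic in hits}),
            }
    return flagged


# Constructed sample timeline: alice_test authorised the app (14 tweets in 26 s),
# bob_test posted one matching tweet, carol_test posted an unrelated tweet.
TOPICS = ["Richard Dawkins", "#zabecca", "Vidal Sassoon", "#5factsaboutmymom"]
SAMPLE_TWEETS = [
    (1000 + 2 * i, "alice_test",
     f"{TOPICS[i % 4]} --> I have spent: 33.4 hours on Twitter! "
     "See how much you have: http://example.invalid/t")
    for i in range(14)
] + [
    (1005, "bob_test", "Vidal Sassoon --> I have spent: 20.9 hours on Twitter! "
                       "See how much you have: http://example.invalid/t"),
    (1010, "bob_test", "Lunch was great today"),
    (1020, "carol_test", "I have spent hours on Twitter today, oops"),
]

if __name__ == "__main__":
    for account, info in find_burst_accounts(SAMPLE_TWEETS).items():
        print(account, info)
```

Accounts flagged this way are the ones whose owners should revoke the app under Settings/Connections.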

Source :- http://nakedsecurity.sophos.com

Top 10 Twitter Trends This Week ( 4/29 – 5/5)


Last week, Mashable predicted that the Royal Wedding would be the number one trending topic this time around. And we would have been right, if not for a bit of news that broke last Sunday.

The shots that took down Osama bin Laden were shots heard ’round the Twitterverse. A mind-boggling record of 12.4 million tweets per hour (5,106 tweets per second around the time of President Obama’s speech) helped to place all topics connected to the biggest news story of the year at number one this week.

It should be noted that despite the intensity of the bin Laden news, the Royal Wedding did come in at a close second.

To see the full list, check out the chart below. Because this is a topical list, hashtag memes and games have been omitted from the chart. The aggregate is based on Twitter’s own trending algorithm, and does not necessarily reflect raw tweet volume.

You can check past Twitter trends in our Top Twitter Topics section.


Top Twitter Trends This Week: 4/29 – 5/5


| Rank | Topic | Intensity | Description |
|------|-------|-----------|-------------|
| #1 | Osama bin Laden | 3 | Al Qaeda leader Osama bin Laden was killed by a small team of Navy SEALs in Abbottabad, Pakistan. President Obama announced the news late Sunday night (ET). |
| #2 | Royal Wedding | 3 | Prince William and Catherine Elizabeth “Kate” Middleton were married on April 29, 2011 at Westminster Abbey. |
| #3 | Harry Potter Movie/Book Series | 2 | On Twitter, Harry Potter fans were talking about Luna Lovegood, Neville Longbottom, Molly Weasley, Severus Snape, Hermione Granger, Bellatrix Lestrange, Fred Weasley and Sirius Black. |
| #4 | | 2 | Justin Bieber accidentally tweeted #pssst when he was trying to tweet #pissed instead, thus causing this to trend. People are tweeting secrets to one another or showing reasons why someone is “pissed.” Users asked their followers if they prefer Justin Bieber or Bruno Mars. |
| #5 | Soccer/Football | 1 | Much discussed football topics include Sunday’s upcoming Manchester United vs. Chelsea match, Lionel Messi, the retirement of Sami Tuomas Hyypiä, the Queens Park Rangers fault, the Champions League match Manchester United v Schalke and the Derby between two massive soccer clubs from Brazil: Grêmio Foot-ball Porto Alegrense and Sport Club Internacional. |
| #6 | Star Wars Day | 1 | Science fiction fans celebrated Star Wars on the 4th of May, tweeting the phrase “May the Fourth be with you!” |
| #7 | Lady Gaga | 1 | Lady Gaga fans were excited about the release of “Judas,” her latest music video. And it’s not clear how or when it started, but users are tweeting “Lord Voldemort + Lady Gaga = Lord Gaga.” |
| #8 | Chris Brown | 1 | On Thursday, R&B singer Chris Brown turned 22 years old and his fans sent him good wishes. |
| #9 | NBA Playoffs | 1 | Fans were most vocal about the Miami Heat meeting the Boston Celtics in the NBA Conference Semi-Finals. Derrick Rose of the Chicago Bulls was announced the winner of the Maurice Podoloff Trophy as the 2010-11 Kia NBA Most Valuable Player Award. |
| #10 | Owl City | 1 | Indonesian Tweeters were excited over an announcement that the band Owl City would be playing a concert in Jakarta on October 28. Also, fans were saying how much they liked the Owl City song “Vanilla Twilight.” |

Data aggregate courtesy of What the Trend.

Source :- http://mashable.com/

Sony succumbs to another hack leaking 2,500 “old records”


Sony seems to be living a nightmare this week. In a statement made today to Reuters they acknowledged another Sony property had been attacked by malicious hackers and more data stolen and published.

Even more embarrassing was the fact that the stolen information was published on a Sony web server that reportedly is part of Sony Electronics.

The information disclosed contained names and partial addresses of Sony customers who had participated in a 2001 sweepstakes. Sony’s comment is as follows:

“The website was out of date and inactive when discovered as part of the continued attacks on Sony,”

This appears to be a partial repeat of what they disclosed in their second statement acknowledging that Sony Online Entertainment had been compromised. “Don’t worry it was old data on a forgotten server.”

I spoke with John Moe from Marketplace Tech Report on National Public Radio (NPR) last Wednesday. We discussed how long most organizations keep this kind of information and whether there are any regulations requiring it to be protected or deleted.

In an organization as large as Sony the hackers targeting them may be able to continue to find low hanging fruit… Unpatched old equipment at any of the various Sony subsidiaries could continue to embarrass Sony publicly.

Meanwhile, Sony Playstation Network users are starting to get quite impatient as they await the return of the online gaming service.

In this case Sony is certainly doing the right thing. It is better to be offline and identify what must be done to return the service to a secure state than to simply turn it back on and allow attackers to target even more data.

Remember arcades? You can “chat” while competing and you even might see the sunshine when you leave the house. It will be okay gamers, soon enough you will be able to return to your couches.

Source :- http://nakedsecurity.sophos.com
