Microsoft: Malware Up 38% in United States in 2008

Share

According to the latest Security Intelligence Report from Microsoft, malicious software installations on computers increased 38% in the U.S for 2008.[1] Also, the number of “High Severity” vulnerabilities detected increased by 13% in the second half of 2007, putting the total of “High Severity” vulnerabilities to 48%.

Downloaders and droppers, accounting for 30% of all malicious software, with around 7 millions computers infected in the United States alone.

And of course, no good Microsoft document would be complete by stating that Vista in more awesome than XP, and therefore the report states that if you own Windows XP SP3, you’re likely to be infected 9 times on 1000 infections, while this number drops to 4 times on 1000 infections for Vista.

“For browser-based attacks on Windows XP-based machines, Microsoft vulnerabilities accounted for 42 percent of the total. On Windows Vista-based machines, however, the proportion of vulnerabilities attacked in Microsoft software was much smaller, accounting for just 6 percent of the total[2].”

Taken from the report:

Country/Region

2007

2008

% Chg.

Afghanistan

58.8

76.4

29.9

Bahrain

28.2

29.2

3.4

Morocco

31.3

27.8

-11.4

Albania

30.7

25.4

-17.4

Mongolia

29.9

24.7

-17.6

Brazil

13.2

23.9

81.8

Iraq

23.8

23.6

-1.1

Dominican Republic

24.5

23.2

-5.2

Egypt

24.3

22.5

-7.5

Saudi Arabia

22.2

22.3

0.4

Tunisia

15.9

21.9

37.3

Turkey

25.9

21.9

-15.4

Jordan

20.4

21.6

5.5

Former Yugoslav Republic of Macedonia

16.3

21.1

29.8

Lebanon

20.6

20.2

-1.8

Yemen

17.7

20.1

13.7

Portugal

14.9

19.6

31.7

Algeria

22.2

19.5

-12.2

Libya

17.3

19.5

13.1

Mexico

14.8

17.3

17

United Arab Emirates

18.2

17.3

-4.8

Monaco

13.7

17.0

23.7

Serbia

11.8

16.6

41.4

Bosnia and Herzegovina

12.8

16.3

27.5

Jamaica

15.0

16.3

8.9

Table 1.0 – Countries with the Highest Infection Rates[3]

See also:

“Microsoft Security Intelligence Report”, Microsoft, January-June 2008, http://www.microsoft.com/downloads/details.aspx?FamilyId=B2984562-47A2-48FF-890C-EDBEB8A0764C&displaylang=en (accessed on November 4, 2008)

“Les menaces en augmentation de 43%, dit Microsoft”, Marie-Ève Morasse, Cyberpresse, November 3, 2008, http://technaute.cyberpresse.ca/nouvelles/internet/200811/03/01-35773-les-menaces-en-augmentation-de-43-dit-microsoft.php (in French) (accessed on November 4, 2008)


[1] “Microsoft Security Intelligence Report”, Microsoft, January-June 2008, p. 122

[2] Ibid. p. 5

[3] Ibid. p.49

Bank Account Stealing Trojan Rampaging the Internet

Share

The details of about 500,000 online bank accounts and credit and debit cards have been stolen by a trojan
The details of about 500,000 online bank accounts and credit and debit cards have been stolen by a trojan

BBC News reports that a trojan, labeled Sinowal, has been crawling across the Internet. The Trojan is notorious for stealing bank account details. Sean Brady of RSA‘s security division reports that “more than 270,000 banking accounts and 240,000 credit and debit cards have been compromised from financial institutions in countries including the US, UK, Australia and Poland.[1]” According to Sophos researchers, 14 computers per seconds were infected by Sinowal in 2008[2].

The Trojan is also known as Torpig and Mebroot and has now been discovered 2 years ago, in 2006, which means it has been collecting information for now 2 years. It uses the drive-by download method to download itself, which means it download and install itself without the user’s knowledge. In the case of this particular Trojan, this is done mainly thought malicious links and HTML injection attacks.

The Trojan installs itself on the master boot record and his polymorphic, making it hard to detect and to remove[3]. RSA suspects that the Sinowal had strong ties to a cybercriminal gang known as the Russian Business Network.


[1] “Trojan virus steals banking info”, Maggie Shiels, BBC News, October 31, 2008, http://news.bbc.co.uk/2/hi/technology/7701227.stm (accessed on November 2, 2008)

[2] Idem

[3] “RSA Cracks Down on Legendary Sinowal Trojan“, Richard Adhikari, Internet News, October 31, 2008, http://www.internetnews.com/security/article.php/3782221/RSA+Cracks+Down+on+Legendary+Sinowal+Trojan.htm (accessed on November 2, 2008)

Dept. of Homeland Security Thinks Blogs is Key to IEDs

Share

The Department of Homeland Security seeks ideas on how to retrieve information in blogs and forums about the potential use and fabrication of Improvised Explosive Devices (IEDs). The DHS thinks that by analyzing information posted on blogs and forums in real time, it may be able to counter the use of IEDs on the field. They are therefore looking for “Indicators of Intent to Use Improvised Explosives (IEDs) available in Blogs to support the Counter-Improvised Explosive Devices (C-IED) Program.[1]

Any potential person interested would have to:

“2) developing objective, systematic data collection and retrieval techniques to gather data on a near real-time basis from blogs and message boards. Data will be collected at multiple, pre-determined times to evaluate the transmission of information over time, and should include metrics for determining the impact factor and usage patterns of the blogs and message boards. 3) identifying blogs and message boards utilized or favored by groups that engage in violent or terrorist activity to include in the study. Blogs and message boards must be representative of various characteristics of the larger populations of interest. and 4) collecting quantitative and qualitative data from the bloggers to evaluate such issues relating to knowledge of the preparation and execution of violent activities, including IED attacks.[2]

Now, I can think of so many ways to defeat this kind of surveillance. Encryption for one. Second, don’t use blogs or forums from the Internet to show where you will plan your next attack. Use a virtual private network (VPN). Maybe by looking for blogs or forums, they may find the stupidest insurgents/terrorists or teenagers that think they are cool, but the vast majority of them know how to use technology and have learned about encryption. A private web server would do the job also…Imagination is the limit!

See also:

“DHS: Scour Blogs to Stop Bombs”, Noah Shachtman, October 31, 2008, http://blog.wired.com/defense/2008/10/dhs-scour-blogs.html (accessed on October 31, 2008)


[1] “Counter-Improved Explosive Devices Blogging”, Department of Homeland Security, Sollicitation Number: HSHQDC-09-R-00004, October 28, 2008

[2] Idem.

Cybercrime Rose by 9% in Britain

Share

The BBC reports that cybercrime rose by 9% in Britain[1]. This is according to Online Identity firm Garlik which release its 2008 Cybercrime Report. The report contains interesting statistics. Among others, identity theft drop from 92 000 offenses in 2006 to 84 700, a 8% drop[2]. Financial fraud rose by 24% and is expected to increase for 2008-2009, mainly due to the financial crisis going on. The report cites the leaked letter from the Home Office indicating a possible rise in crime[3]. This is really no surprise.

Always according to the report, the top three stolen documents for identity theft were non-UK passports, utility bills and UK passports[4]. As for financial cybercrimes, losses from UK victims amounted to £535million (1 billion $CAN, 869 millions $US), up 25% from 2006. The reports further states this interesting bit of information:

“… personal details and identity information are traded online with the 15 Research conducted by Garlik’s team of researchers investigating the presence of illegal trading networks on the Internet, number of trading networks more than doubling (from 27 to 57) over the past nine months. In a typical day, around 520 individual information traders are identified with 19,217 traders being identified this year. Of these, around 700 are ‘long term’ traders …[5]

Cybercrime in the UK rose by more than 9% in 2007
Cybercrime in the UK rose by more than 9% in 2007

That’s 57 trading network and around 20 000 traders, which, at least for me, is a big number. But the report doesn’t specify how those traders were identified though. The 700 “long-term” traders are seemed to be identified only with their online alias. Therefore if the “20 000 traders” is counted using aliases, this number might be higher than the actual number of traders.

The reports do not goes into great details on how the criminals get the information, but it does mention Trojans, phishing and SQL injections as a way to retrieve the information. As for the damage caused by these for UK companies, 830 000 companies report a computer-related incident last year. Viruses accounted for 21% of those incidents and are on the decline.

Fortunately, the report also mention lack of data protection from the government but fail to give any number, since it’s outside the scope of the document. But shouldn’t it be considered so? Shouldn’t this be considered as criminal negligence? After all, lost data impact lives and can lead to disaster for the victims of this negligence…

Garlik also describe interesting statistics about online harassment. The complete report can be found here: http://www.garlik.com/static_pdfs/cybercrime_report_2008.pdf


[1] “Cybercrime wave sweeping Britain”, BBC News, October 30, 2008,  http://news.bbc.co.uk/2/hi/technology/7697704.stm (accessed October 30, 2008)

[2] “UK Cybercrime Report 2008”, Stefan Fafinski, Neshan Minassian, Garlik, September 2008, p. 5

[3] “Leaked letter predicts crime rise”, BBC News, September 1, 2008,  http://news.bbc.co.uk/2/hi/uk_news/politics/7591072.stm (accessed on October 30, 2008)

[4] “UK Cybercrime Report 2008”, Stefan Fafinski, Neshan Minassian, Garlik, September 2008, p. 12

[5] Idem, p. 16

Quebec Launches Campaign Against Identity Theft

Share

Yesterday the ISIQ (Institut de la Sécurité de l’Information du Québec) launched its new campaign to educate citizens computer security and protection of personal information over the Internet. The ISIQ launched a new portal, MonIdentité (in French) containing lots of information for users on how to protect their identity and to identify risks such as phishing, spyware, Trojans and weak passwords. The campaign has been launch by Pierre Arcand, deputy of the Mont-Royal district in Montreal.

“We want the citizens to become their own artisans of their security on the Internet, by adopting a secure behavior.” said M. Pierre Arcand.

The campaign comes amid a declaration from the Chaire de recherche du Canada sur la sécurité, identité et technologie (in French) who reports that in the last 3 years, 314 millions personal files where lost in 976 incidents in Canada and in the United States. Half of them were due to the incompetence of the owning corporation or organization.[1]

This is exactly the kind of initiative we need. Humans are always the weakest link in any security network, therefore educating the population about security is essential. My only fear is that this campaign will largely be ignored by the media and the population, since elections are looming in the province and economic news are still the main topic.

Je Protège Mon Identité - ISIQ Portal
Je Protège Mon Identité - ISIQ Portal

[1] “Pour naviguer sans tracas”, Radio-Canada, October 27, 2008, http://www.radio-canada.ca/nouvelles/societe/2008/10/27/003-securite-informatique.shtml (accessed on October 28, 2008)

Twitter Terrorism

Share

Today the U.S Army discovered something called Twitter, and realized that, as MySpace, Facebook, Google Earth and many other sites, it could be used by terrorists to plan attacks on landmarks or other targets. Although the Army report admits it has no proofs that Twitter is currently used by individuals for terrorism. The report details many interesting scenarios described in the report:

Scenario 1: Terrorist operative “A” uses Twitter with… a cell phone camera/video function to send back messages, and to receive messages, from the rest of his [group]… Other members of his [group] receive near real time updates (similar to the movement updates that were sent by activists at the RNC) on how, where, and the number of troops that are moving in order to conduct an ambush.

Scenario 2: Terrorist operative “A” has a mobile phone for Tweet messaging and for taking images. Operative “A” also has a separate mobile phone that is actually an explosive device and/or a suicide vest for remote detonation. Terrorist operative “B” has the detonator and a mobile to view “A’s” Tweets and images. This may allow “B” to select the precise moment of remote detonation based on near real time movement and imagery that is being sent by “A.”

Scenario 3: Cyber Terrorist operative “A” finds U.S. [soldier] Smith’s Twitter account. Operative “A” joins Smith’s Tweets and begins to elicit information from Smith. This information is then used for… identity theft, hacking, and/or physical [attacks]. This scenario… has already been discussed for other social networking sites, such as My Space and/or Face Book.[1]

Although this is true, for anyone having a clue about technology, this shouldn’t be any news. Any social networking site offers the opportunity to criminals and terrorists extensive information about someone. This can only by solved by educating people about privacy, and why it’s important. This is especially true for security and military personnel.

See also:

Noah Shachtman, “Spy Fears: Twitter Terrorists, Cell Phone Jihadists”, October 24, 2008, http://blog.wired.com/defense/2008/10/terrorist-cell.html (accessed on October 27, 2008)


[1] “Sample Overview: alQaida-Like Mobile Discussions & Potential Creative Uses” http://blog.wired.com/defense/2008/10/terrorist-cell.html (accessed on October 27, 2008)