Millions of People Knowingly Open SPAM Email
How many users access spam emails, click on the links found within, and open attachments intentionally? Why are they doing it, and who are they holding responsible for the spread of malware and spam in general, while conveniently excluding themselves?
A newly released survey from the Messaging Anti-Abuse Working Group (MAAWG), summarizing the results of the group’s second year survey of email security practices, offers an interesting insight into the various interactions end users tend to have with spam emails.
Key findings of the survey:
- Nearly half of those who have accessed spam (46%) have done so intentionally – to unsubscribe, out of curiosity, or out of interest in the products or services being offered
- Four in ten (43%) say that they have opened an email that they suspected was spam
- Among those who have opened a suspicious email, over half (57%) say they have done so because they weren’t sure it was spam and one third (33%) say they have done so by accident
- Canadian users are those most likely to avoid posting their email address online (46%). Those in the U.S., Canada and Germany are most likely to set up separate email addresses in order to avoid receiving spam
- Many users do not typically flag or report spam or fraudulent email
- When it comes to stopping the spread of viruses, fraudulent email, spyware and spam, email users are most likely to hold ISPs and ESPs (65%) and anti-virus software companies (54%) responsible
- Less than half of users (48%) hold themselves personally responsible for stopping these threats
It’s interesting to see the paradox of end users blaming ISPs and antivirus vendors, whereas 43% of the surveyed users said that they have accessed spam emails, and that they do not typically flag or report these emails.
What the majority of the survey participants appear to be unaware of, is that, despite the fact that since early days of spam, spammers have been attempting to verify the validity of the emails, by attempting to unsubscribe themselves, the users are confirming that their email is valid. In short, it means even more spam. (read more of this article)
The best way to block 98% of SPAM destined for you mailbox is to sign up for Secure Mail by Prime Networking. (Read More)
Ants Instead of Anti-virus?
Soon your computer could be crawling with ants. Not the kind that show up in the cracks in 
your driveway, but little digital pieces of code that crawl your network and may someday replace that cumbersome anti-virus program. Researchers at Pacific Northwest National Laboratory (PNNL) in Richland, Washington, and Wake Forest University, North Carolina have developed a concept they call “swarm intelligence.” The concept is that these digital ants will crawl through a network looking for worms and other malware and attack it before it can infect the network.
“Our idea is to deploy 3,000 different types of digital ants, each looking for evidence of a threat,” explained Errin Fulp, researcher at Wake Forrest. “As they move about the network, they leave digital trails modeled after the scent trails ants in nature use to guide other ants. Each time a digital ant identifies some evidence, it is programmed to leave behind a stronger scent. Stronger scent trails attract more ants, producing the swarm that marks a potential computer infection.”
The digital ants offer several advantages over traditional “static” anti-virus programs. Digital ants move throughout the network looking for threats instead of waiting for the intruding malware to come to them. This does away with those annoying scans that rob resources and slow productivity. Further, digital ants learn and adapt to malicious code variants. There is no need to continually update, unlike today’s anti-virus.
Could digital ants be the answer to the PC owners anti-virus prayers? It is to early to tell, but the concept definitly holds promise.
Steve Marks
Keeping IT Green
We all want to save money these days. One way seems like a no-brainer. We should turn off our PC’s at night when they aren’t making us any money. After all, a PC and monitor can burn the equivalent of several 100 watt light bulbs. However, the answer may not be as clear as it seems. At night is when your computer performs maintenance on itself. Think of it as a nightly checkup while you are tucked in bed. Around 2 A.M is when many computers are set to download and install updates from Microsoft. These updates help keep your operating system up to date and the bad guys from exploiting weaknesses in your security. In the still of the night is also when your anti-virus meticulously scans each and every file looking for potential malware that has slipped in undetected during the day. Given this reality, does it really save you money to shut down that PC at night? Maybe not when you consider that the cost to clean up an infected PC can run several hundred dollars. So what is the best way to be Green and save green? Check the settings on your Anti-virus and Microsoft updates. Make sure they are set to update nightly. Then reach up and push the power button on the monitor. You will still save 100’s of watts of electricity without compromising your IT security.
Steve Marks
Fake H1N1 (Swine Flu) alerts lead to malware
Malicious hackers are using fake alerts around H1N1 (Swine Flu) vaccines to trick end users into installing malware on Windows computers, according to warnings issued by computer security firms.
The latest malware campaign begins with e-mail messages offering information regarding the H1N1 vaccination. The e-mail messages contain a link to a bogus Centers for Disease Control and Prevention site with prompts to create a user profile. During this process, a malware file gets planted on the user’s machine.
This US-CERT advisory contains some of the e-mail subject lines being used in the spam run. Some examples:
- “Governmental registration program on the H1N1 vaccination”
- “Your personal vaccination profile.”
According to researchers at AppRiver, the scam tricks computer users into believe they are part of a “State Wide H1N1 Vaccination Program” and are required to create a vaccination profile on the CDC website.
“The link provided in the email takes you to a very convincing looking imitation of a CDC web page where you are given a temporary ID and a link to your ‘vaccination profile’. The link is in fact…an executable file that contains a copy of a Trojan most commonly identified as xpack or Kryptik…once installed on your PC, this Trojan will create a security-free gateway on your system and will proceed to download and install additional malware without your authorization. It also enables a remote hacker to take complete control of your computer.”
AppRiver says the messages are being received at a rate of 18,000 per minute, more than one million per hour.
Here’s a look at the fake spoofed CDC Web site being used in this attack:
Ryan Naraine is a journalist and security evangelist at Kaspersky Lab.
Avoiding Cyber Crime
In a world where identity theft happens every day and we all have loads of personal information spread out in all directions, it is important to take precautions to ensure that our money and our identities stay safe. Much like with preventing pregnancy, the only 100% foolproof way to prevent cyber crime is to never go on the Internet, or interact with companies who use the Internet. Unless you live in a remote cave, however, you’re unlikely to achieve this. So, what are some of the best ways to be smart about safety online?
Think about what you’re doing. If you put your name and address onto an unsecured site, such as a social networking site, you are making yourself vulnerable. In fact, assume that anything you put on a social networking site will be seen by everyone, your boss and your grandmother alike.
In fact, on an unsecured site, never submit any personal information. Not your birthday, not your name, and certainly not any financial information. Keep in mind that a password is not going to stop a determined and skilled hacker, so while you should always endeavor to have strong passwords (no personal information here), keep in mind that only keeps out a lower level of criminal – or a friend or family member who is rudely curious.
Unplug that webcam. If you’re not actively using your webcam, don’t leave it on. It isn’t hard to override permissions to cams. By unplugging your camera from the computer, your visual image remains out of the hands of those who might not want it for polite purposes.