Spam Volumes: Past & Present, Global & Local
Last week, National Public Radio aired a story on my Pharma Wars series, which chronicles an epic battle between men who ran two competing cybercrime empires that used spam to pimp online pharmacy sites. As I was working with the NPR reporter on the story, I was struck by how much spam has decreased over the past couple of years. Below is a graphic that’s based on spam data collected by Symantec’s MessageLabs. It shows that global spam volumes fell and spiked fairly regularly, from highs of 6 trillion messages sent per month to just below 1 trillion. I produced this graph based on Symantec’s raw spam data.
- Taking Stock of Rustock
- Spam Volumes Dip After Spamit.com Closure
- Harvesting Data on the Xarvester Botmaster
- Feds Convict Stock Scammers, Overlook Spammers
- Top Spam Botnet, “Grum,” Unplugged
Think tank presses Blue Coat over censorship concerns
A Canadian think tank called on Tuesday for continued scrutiny of U.S. security vendor Blue Coat Systems after a new technical analysis showed wide use of its products in countries with human rights and censorship concerns.
Congresswoman proposes computer fraud law amendment to honor Aaron Swartz
A draft bill to exclude terms of service violations from the Computer Fraud and Abuse Act is to be introduced in the U.S. House of Representatives.
Security audit finds dev OUTSOURCED his JOB to China
Cunning scheme netted him ‘best in company’ awards: A security audit of a US critical infrastructure company last year revealed that its star developer had outsourced his own job to a Chinese subcontractor and was spending all his work time playing around on the internet.
Malware infects US power facilities through USB drives
Two U.S. power companies reported infections of malware during the past three months, with the bad software apparently brought in through tainted USB drives, according to the U.S. Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT).
6Scan launches free website vulnerability and malware scanning service
6Scan, a Web security startup based in Tel Aviv, Israel, launched a new service on Tuesday that can scan websites for security issues, like vulnerabilities and malware infections, and allows their owners to automatically fix the identified problems.
Latest Java patch is not enough, warns US gov: Axe plugins NOW
Metasploit boss says Oracle needs TWO years to make everything good: Security experts advise users to not run Java in their web browsers despite a patch from Oracle that mitigates a widely exploited security vulnerability.
Java exploit used in Red October cyberespionage attacks, researchers say
The hundreds of government, military and research organizations targeted in a large-scale cyberespionage operation dubbed Red October were not only attacked using malicious Excel and Word documents, but also with Web-based Java exploits, according to Seculert researchers.
Wombat Unveils Social Engineering Security Training Module
The training explains the psychology behind social attacks and gives practical tips for recognizing and avoiding them.
Company bosses slacking on hacking
Company bosses across the UK have a complacent attitude toward cybercrime and are inviting criminal attacks due to their sloppy approach to internet security, reveals new research from Swivel Secure. …
South Korea accuses North Korea of launching cyberattack against conservative Seoul newspaper
SEOUL, South Korea – South Korea says North Korea was behind a cyberattack against a conservative Seoul newspaper critical of Pyongyang.
Sandy Hook Truthers claim Newtown school massacre a hoax to spur gun control measures
Their theories appear to lack any basis in fact or common sense. But the movement is gaining momentum with both a college professor and a Fox News anchor questioning the official narrative
Quebec to legalize assisted suicide; Death a medical issue, health minister says
A panel has recommended the provincial government allow what it calls medical assistance to die in cases where a patient is close to death and unable to endure the pain
AMD accuses former top employees of stealing over 100,000 documents
Chip maker says the defendants gave trade secrets to their new employer, NVIDIA.
Probe into privacy breach of thousands to take months RANDY RICHMOND, QMI Agency
An investigation into the loss of sensitive medical and employment information of about 5,000 Canadians is likely months from completion.
A great movie script: Quebec man accused of heading $1B marijuana smuggling operation
Jimmy Cournoyer lived a playboy lifestyle with a professional model girlfriend, an elite $2-million sports car and lavish parties until it came to an end when he was arrested in Mexico
Facebooks friends-based foray into search puts user data to work
On Tuesday, the worlds largest social network unveiled a new tool dubbed Graph Search, which enables Facebook users to quickly search their friends interests, locations and photos
Majority of Canadians concerned about financial accountability on First Nations reserves: poll
More than four out of five Canadians say they dont want more money sent to aboriginal reserves unless proper, independent audits are conducted to ensure financial accountability
Class action lawsuit launched against government over missing student loan info
A Newfoundland lawyer will file a class-action lawsuit Wednesday in court against the Federal department that lost the personal information of 583,000 student loan borrowers.
Virut malware fuels Waledac botnet resurgence
This may not be the first time Virut has been used to spread the Waledac worm, whose goal is to earn money for its purveyors through rogue ad networks, online pharmacies, or outright fraud.
Online Privacy Is a Serious Matter, So Why Do Few People Care?
Facebook, Google and other collect and use consumer information in ways few people understand. It’s time to stop being so naive, say analysts.
Two US power plants infected with malware spread via USB drive
Investigators find no up-to-date antivirus, system backups for control systems.
Commtouch’s New Mobile Security For Android Combats Fast-Growing Number Of Mobile Threats
Solution offers cloud-assisted antivirus and Web security services
Feds lose student loan data for 583,000 people QMI Agency
The federal government has lost a USB stick containing the personal information of more than half a million student loan borrowers.
Texas congressman threatens impeachment as Barack Obama considers taking executive action on gun control
Facing powerful opposition to sweeping gun regulations, President Barack Obama is weighing 19 steps that could be taken through executive action alone, congressional officials said.
“Red October” spy campaign uncovered, rivals Flame virus
Researchers at Kaspersky believe the Red October campaign, which is spreading a data-sucking trojan known as Rocra, dates back at least five years, and is still ongoing.
Automated YouTube account generator offered to cyber crooks
You’re a spammer / malware peddler / phisher, and want to register hundreds of bogus accounts on a popular online service such as YouTube in order to lead users to your wares. But, you don’t want to c…
Wombat unveils social engineering security training module
Wombat released its social engineering training module to defend against social engineering threats, including spear phishing and social media-based attacks. Commonly defined as the art of exploiti…
Waledac botmasters use Virut malware to build a new botnet
Despite having been swooped down on by security companies and law enforcement a couple of times, the botmasters of the Waledac (Kelihos) botnet refuse to give up and are using new variants to set up n…
Quebec and Ontario top Canadas health care rankings while Newfoundland lags behind
The ranking compares the availability and quality of health services with their costs, and finds that spending more does not necessarily mean a better system
HHS settles first small data breach case at medical practice
The agreement underscores the importance of mobile device security and routine risk assessments.
InfoSec News for Monday December 31, 2012.
- Attackers Target Internet Explorer Zero-Day Flaw
Attackers are breaking into Microsoft Windows computers using a newly discovered vulnerability in Internet Explorer, security experts warn. While the flaw appears to have been used mainly in targeted attacks so far, this vulnerability could become more widely exploited if incorporated into commercial crimeware kits sold in the underground.
- Happy 3rd Birthday KrebsOnSecurity.com!
It’s difficult to believe I’ve been doing this solo thing for so long, but as a thoughtful reader just reminded me, Dec. 29 marks the third anniversary of the KrebsOnSecurity.com blog! This past year, KrebsOnSecurity featured nearly 200 blog posts, entries that have generated some 5,700 reader comments. Reader feedback and comments add tremendous value [...]
- Microsoft confirms zero-day bug in IE6, IE7 and IE8
Microsoft on Saturday confirmed that Internet Explorer (IE) 6, 7 and 8 contain an unpatched bug — or “zero-day” vulnerability — that is being used by attackers to hijack victims’ Windows computers.
- Why Social networks should be more like Facebook Poke
When it comes to Facebook users and their messages, almost nobody knows who can see or share their posts on social networks. And that’s a problem that must be fixed, says Mike Elgan.
- NYC mayor pins crime rate spike on iPhone, iPad theft
If it weren’t for Apple kit, crime would be down: Major crime is on the rise in New York City, and Mayor Michael Bloomberg says the increase is due entirely to thefts of Apple’s iPhone and iPad devices, which he says are inordinately attractive to thieves.
- Researchers find malware targeting Java HTTP servers
Security researchers from antivirus vendor Trend Micro have uncovered a piece of backdoor-type malware that infects Java-based HTTP servers and allows attackers to execute malicious commands on the underlying systems.
- Vancouver-bound tour bus crashes in Oregon, killing nine people and injuring at least 20 others
- The threat landscape continues to expand rapidly
- Crowd-sourcing site shuts down B.C. writers fundraiser for Syrian relatives trapped in war-torn Aleppo
- Database hacking: The year that was
- Microsoft says IE 6, 7, and 8 vulnerable to remote code execution
- Hacker at Public Works went unnoticed for days, documents show
- Concern mounts among those affected by federal government privacy breach
- Cyber crooks shifting to smartphones
- Most everything went wrong: Three years after an earthquake devastated Haiti, the reconstruction has barely begun
- Higgs boson discovery may signal the worlds last physics experiment as scientists struggle to come up with next big question
- Personal info for thousands lost by federal government
- PandaLabs Reveals Most Unique Viruses Of 2012 In Its Annual Virus Yearbook
- Personal information data of thousands of Canadians lost by federal government
- You have a job to do and you do it: The rewarding and horrifying job of fighting child porn in Canada
- DDoS Attacks on Major Banks Causing Problems for Customers
- Mobile threats predicted top concern for 2013
- North Korea is ready to conduct a third nuclear test, satellite photos show
- Senate Approves Warrantless Electronic Spy Powers
- Malware that steals from point-of-sale systems detected
- Cybersecurity — A Vital New Year’s Resolution For Business And Consumers
- Looking back: the five most important security stories of 2012
- Victim of hours-long gang rape fighting for her life in hospital as teen in second attack commits suicide
InfoSec News for Friday December 28, 2012.
- Drones, phones and other 2012 privacy threats
Verizon’s attempt to secure a patent for a so-called ‘snooping technology,’ which in this case would let television advertisers target individual viewers based on what they’re doing or saying in front of their sets, capped another challenging year for privacy advocates.
- New WordPress vuln emerges
W3 Total Cache has faulty defaults: Sorry to spoil the day for any sysadmins that thought today would be a slow day, but a security researcher has announced a serious vulnerability in the default configuration of a popular WordPress plugin.
- Weve lost an American original: Desert Storm commander Stormin Norman Schwarzkopf dies at 78
- McAfee Labs predicts the decline of Anonymous
- Randi Zuckerberg mocked for Facebook privacy confusion
- Analysts: Anonymous to decline in 2013
- FTC Tightens Children’s Online Privacy Protection Act Regulation
- What the…? Tech stories that made us do a double take
- Sophos Unveils Thirteen IT Security Trends For 2013
- U.S. gun control debate rages after newspaper publishes addresses of pistol permit holders
- Paranoid China tightens Internet controls even more after Communists embarrassed by online reports
InfoSec News for Thursday December 27, 2012.
- Ransomware scammers push panic button with bogus claims
Cyber extortionists shilling “ransomware” have upped the ante by pushing users’ panic buttons with claims that their malware will wipe hard drives, a security firm said Monday.
- Iranian official disputes report that power station was hit by virus attack
A power station in the south of Iran has been hit by a cyberattack, an Iranian news agency reported Tuesday, citing a local civil defense official. But now agency and official are in dispute over whether he really made the remarks.
- Year in Ideas: How vital oil infrastructure became a villain in Canada
- Enterprises Starved for Security Threat Data to Justify Budget Hikes
- From Internet Uprisings to John McAfee: The Year in Privacy and Security
- Mark Zuckerbergs sister angry over Facebook privacy breach Alexander C. Kaufman, TheWrap.com
- Another Iran facility hit with cyber attack, perhaps
- Obama may issue cyber security order in early January
InfoSec News for Wednesday December 26, 2012.
- Exploring the Market for Stolen Passwords
Not long ago, PCs compromised by malware were put to a limited number of fraudulent uses, including spam, click fraud and denial-of-service attacks. These days, computer crooks are extracting and selling a much broader array of data stolen from hacked systems, including passwords and associated email credentials tied to a variety of online retailers.
- Feds Requiring Black Boxes in All Motor Vehicles
- Iran deflects cyber attack on industrial sites
- Iran ‘fends off new cyber attack’
- Hackers of Steubenville Football Teams Web Site Demand Apology in Rape Case