Friday, 4 December 2009

H1N1 malware epidemic is more contagious than real deal


Malware authors are impersonating the CDC in a new scheme to propagate a trojan horse. Fraudulent e-mails sent by a botnet claim that the recipient must register for a fake state vaccination program but really link to a malware-infested phishing website.

The Center for Disease Control (CDC) issued a statement this week to warn citizens about a recent wave of phishing e-mails that deceptively claim to be from the government organization. The e-mails refer to a state vaccination program and tell recipients that they have to create a personal H1N1 vaccination profile.

No such vaccination program exists. A link in the e-mail directs users to a fraudulent website that attempts to infect their computer with malware. Specifically, the fake H1N1 messages are being used to propagate ZBot (also known as Zeus), a trojan horse that powers one of the most active botnets. The program serves as a spam relay and also surreptitiously collects private data about the user to funnel back to the botnet operator.

E-mail security company AppRiver detected the malware campaign earlier this week when it seemingly exploded in volume. The company's researchers wrote about it in a blog entry.

"We are seeing these messages at the extremely high rate of nearly 18,000 messages per minute netting over 1 million of these messages in the first hour alone," they wrote. "It is now officially flu season and considering the recent concerns over the H1N1 vaccine, I expect this to be a highly effective campaign against those who are not protected from this cyber-threat."

Security company Sunbelt Software, which publishes monthly reports on the prevalence of malware threats, says that ZBot held the top spot for seven months but declined sharply last month. Its November report, which was published today, lists ZBot as the second most prevalent malware threat and says that it represents 6 percent of all malware infections. The new H1N1 phishing scheme could potentially give it a boost.

ZBot's authors have used similar tactics in the past. A report at the CA Security Advisor Research Blog describes how previous iterations of the malware have used fake e-mails claiming to come from the IRS, FDIC, and Microsoft. The websites linked in the e-mails attempt to get users to download the malware. They also have embedded iframes with PDF or Flash content that attempts to take advantage of security vulnerabilities in Adobe's software. Although Adobe has patched the known vulnerabilities, users who have not updated to the latest versions remain at risk.

Malware propagation is largely an exercise in social engineering. These fraudulent e-mails expand the botnet pool by preying on the ignorance and fear of recipients.

By Ryan Paul

Wednesday, 2 December 2009

Viagra spam gang fined $15.2m in US court

A US district court has ordered the largest "spam gang" in the world to pay nearly $15.2 million (£9.4 million) for sending unsolicited email messages marketing male-enhancement pills, prescription drugs and weight-loss supplements, the US Federal Trade Commission said Monday.

Spamhaus, the antispam organisation, called the email marketing network the "No. 1 worst spam gang" on the Internet for much of 2007 and 2008.

Australian resident Lance Atkinson, the spam ring's leader, has paid more than $80,000 to New Zealand authorities after confirming his involvement in the spam network, and accomplice Jody Smith, a US resident, has agreed to an order that he turn over nearly all his assets to the FTC, the agency said.

In October 2008, a judge in the US District Court for the Northern District of Illinois, Eastern Division, ordered an asset freeze and a halt to the network's operation, which generated more than 3 million complaints to law enforcement authorities, the FTC said.

Earlier this month, the court issued a default judgment against Atkinson, his company, and three companies affiliated with Smith. In addition to the $15.2 million that Atkinson and his company have been ordered to pay, the three companies affiliated with Smith are liable for nearly $3.8 million.

Atkinson and Smith recruited spammers from around the world, according to the FTC’s complaint, filed last year. Those spammers sent billions of e-mail messages directing consumers to websites operated by an affiliate program called Affking, according to the complaint. The spammers used false header information to hide the origin of the messages and failed to provide an opt-out link or list a physical postal address, violations of the US CAN-SPAM Act, the FTC said.

The spam network, using the Canadian Healthcare brand name and other labels, marketed a male-enhancement pill, prescription drugs and a weight-loss pill, the FTC said. The e-mail messages falsely claimed that the medications came from a US-licensed pharmacy that dispenses US Federal Food and Drug Administration-approved generic drugs.

The defendants did not operate a pharmacy licensed in the US, the FTC said. The drugs they sold were shipped from India and had not been approved by the FDA, the agency said.

The FTC alleged that Atkinson and Smith made false claims about the security of consumers’ credit card information and other personal data consumers provided when they bought goods. The defendants’ Web site assured potential consumers that the pharmacy "treats your personal information (including credit card data) with the highest level of security.”

The website went on to describe its encryption process, which supposedly involved “Secure Socket Layer (SSL) technology.” However, there was no indication that consumers’ information was encrypted using SSL technology.

To settle FTC charges that he helped send spam e-mails to millions of consumers, Smith will turn over nearly all his assets. Under the terms of the settlement, Smith will pay approximately $212,000. He also will assign any rights he has to $91,000 frozen in the name of one of his co-defendants, and $547,000 that may be held for his benefit in an Israeli bank.

Smith pled guilty in August to the criminal charge of conspiracy to traffic counterfeit goods, and faces up to five years in prison. He is scheduled to be sentenced in December in US District Court for the Eastern District of Missouri.

By Grant Gross
http://news.techworld.com

Wednesday, 25 November 2009

German data protection authorities turn against Google Analytics

Associated Press

Berlin

German data protection authorities consider the use of Google Analytics, the service that presents the "demographic characteristics" of website visitors, to be illegal.

Google Analytics is used to build "profiles" of the visitors to specific websites, establishing not only how many visitors they have and where they come from, but also their "online" history. In this way, the website owner or any other interested party can form a picture of its visitors and their preferences.

The German data protection authorities, however, both at the federal level and in various states, consider that the use of Google Analytics conflicts with German law.

According to the newspaper Zeit, around 13% of German websites use the service, among them pharmaceutical companies, political parties and media outlets. Among other things, the legal problem arises from whether the IP address, the "personal signature" of each computer on the Internet, constitutes "personally identifiable" data. The German authorities hold that it does, while Google sees it differently, but it appears that German case law is equally ambiguous.

The authorities fear that Google could build "profiles" of millions of Internet users, which would include their interests, their lifestyle habits, their consumer behaviour and their political or even sexual preferences.

Users, the German authorities stress according to the report, have no way to actively choose not to be covered by the software (opt-out), without which "nothing holds up". The authorities are equally troubled by the fact that personal data can be processed by companies or organisations on US territory.

Google maintains that the processing of the data in the US is fully covered by the "Safe Harbour" agreement between Europe and Washington, and considers an "opt-out" unnecessary since users can "disable cookies".

Thursday, 19 November 2009

Ethics leaks spur House bill banning P2P apps on .gov PCs


Over the past year, there have been several embarrassing incidents where private government documents have leaked because employees didn't know how to properly configure P2P client software. For the US House of Representatives, the last straw came when ethics documents were leaked. A bill has been introduced to ban the use of P2P apps by federal employees.

Peer-to-peer filesharing applications have been wildly popular, especially among those interested in accessing pirated software, music, and media. But not everyone who operates a P2P client knows how to properly configure the software, and some clients may share entire directories unless explicitly directed not to. Apparently, some government employees have exhibited this sort of carelessness, as private and secret government documents have shown up on P2P networks. Now, at least one Congressman has had enough, and has introduced a bill that would ban the use of P2P software by government employees.

The Congressman in question is Edolphus Towns of New York, who chairs the Committee on Oversight and Government Reform. In a statement announcing the bill's introduction, Towns highlights a number of embarrassing incidents in which sensitive government files showed up on P2P networks. These include schematics for the Presidential helicopter and the location of a first-family safe house, as well as the financial records of a Supreme Court Justice.

But the cynic would suggest that the real spur to action was the leak of a whole series of documents related to ethics investigations of Towns' fellow House members, which he also cited in the announcement. This included a full list of ongoing investigations and details on a number of them. The committee that suffered the leak issued a statement (PDF) at the end of October which indicated that P2P software was involved in the leak, so this appears to involve a relatively quick response.

The bill itself, termed the Secure Federal File Sharing Act, calls on the Director of the Office of Management and Budget to issue guidance on the use of P2P software, and provides the Director some guidance on what it should be: P2P software will be banned on government-owned computers. The OMB Director will have 90 days to come up with rules for government workers and contractors that have access to documents at home. Procedures will also be put in place for government agencies that have legitimate need for P2P software, in order to grant them exceptions.

By 180 days after the bill's passage, the OMB will have to specify procedures to detect and purge P2P use from within the government's networks. After the procedures are in place, the OMB will need to provide Congress with an annual report detailing all the exemptions that are in place.

Although it's tempting to snicker at the ethics leaks being the primary event that spurred Congress to action, it wouldn't be at all surprising if some of the complaints that leaked are the result of misunderstandings or political disagreements; all of them will almost certainly be used (and abused) in future political campaigns. In any case, the other leaks are certainly more severe, and there's no reason to think that the average government employee is ever going to be more technically savvy or security-literate than the general computer using population, so the law addresses a real issue.

Given that P2P software does have a number of legitimate uses, however, blanket restrictions and a formal approval process may turn out to be a hindrance. Assuming the bill passes, the real challenge is likely to be crafting a quick and effective exemption process.

By John Timmer

Tuesday, 17 November 2009

In Venezuela criminals use Facebook to research targets. Cops use it too — but not always for scrupulous purposes.

CARACAS, Venezuela — It has taken Venezuela by storm, but it seems that Facebook and other social networking sites also come with their perils.

Police here revealed that a pair of students at a private university in Caracas had been robbing their virtual friends’ homes using information they had compiled using Facebook.

Police raided the apartment of one of two students who, working in tandem with another couple, had been using Facebook to befriend classmates. They then used the information their new “friends” posted on their profiles to find out where they lived, what they owned and when they were not at home.

"They observe the families’ movements, they study the residencies — the comings and goings, the security measures," said Wilmer Flores Trosel, director of the CICPC, Venezuela’s equivalent of the FBI.

Security analysts in Venezuela say it is becoming increasingly frequent for criminals to use social networking sites such as Facebook, Twitter, Sonico and Hi5 as a source of information for house robberies, fraud and kidnappings.

And it's not just the criminals capitalizing on this online data source; the police are using it too, to go after both hard-core criminals and political protesters. In a country with little tolerance for dissent, many fear the government has designs on controlling these sites, and the crimes aided by Facebook might give it cause to do just that.

“There's a certain amount of intelligence work involved in kidnapping that Facebook makes easier,” said Roberto Briceno Leon, director of the Venezuelan Observatory of Violence. “Before, what did kidnappers do? They could spend months checking accounts, studying a person's daily movements in order to be able to plan the kidnapping. That implies an investment. Now, Facebook makes that easier.”

Briceno Leon said that even an innocent photograph of a user’s home could reveal valuable information about security systems that could be used to plan robberies or kidnappings.

Briceno Leon's Venezuelan Observatory of Violence conducted a survey and estimates that there were between 8,000 and 9,000 kidnappings in Venezuela in 2008. The official figure for last year was 554, but most kidnappings go unreported because victims' families prefer not to involve the police, who are often involved in the kidnappings themselves.

Venezuelans are no strangers to crime. Murder rates have reached record highs in recent years and they have been a part of daily life since the late 1980s. Banks take elaborate precautions to avoid fraud. Making a simple withdrawal can involve heavy scrutiny and a customer often has to be photographed and fingerprinted before the money is released.

But Venezuelans are not similarly cautious when it comes to the personal details they publicize on social networks. There are 435,992 users signed up to three "Venezuela" pages on Facebook, and Facebook is used widely in the country for party invitations and political protests.

Briceno Leon said that social networking sites offer the illusion of safety but what may seem like an innocent confession often opens up a window into the private life of an individual.

“People feel intimate and safe, they don't feel like they are on the street,” he said. “That's why people cease to take precautions.”

Facebook is also a tool used by Venezuelan police — though not always effectively. Carlos Graffe, a student from Valencia, a city 75 miles west of Caracas, said the prosecutor’s office put out a warrant for his arrest after he was identified through a photo on Facebook as one of several protesters who are accused of inciting violence during a protest march in Caracas in August.

Graffe and his lawyer claim it’s a case of mistaken identity: The television footage that shows protesters dismantling police barriers during the march shows a different person than the one identified in the Facebook photograph. What’s more, the person in the Facebook photograph is in fact his cousin, also called Carlos Graffe.

Opposition figures claim the Venezuelan government ultimately wants to control social networking sites, which have become an important tool for organizing protests and marches.

Thousands of Venezuelans protested the closing down of local radio station CNB by posting messages on the Twitter account #freemediave. An editorial piece in the state-run Bolivarian News Agency then accused Twitter of becoming a “new channel for creating terror” by spreading disinformation in a campaign orchestrated by the Venezuelan ultra-right.

Government critics claim the government is pushing its own forms of disinformation. In July, Diosdado Cabello, the minister for public works, aired the idea of passing all of Venezuela’s internet traffic through the servers of Cantv, the state-run telecommunications company. Critics say the move would allow the government to control communication on social networking sites during protests.

Social networking sites are a threat to the government that fears that it cannot control the partisanship of sites such as Facebook, said Carlos Delgado, a media analyst at the Andres Bello Catholic University in Caracas. He said the government’s move to control Venezuela’s servers is an attempt to “consolidate its communicational hegemony.”

Criminal Charges


This is Rodney Bradford. A few days ago, Facebook saved his 19-yo life. Facebook, and his status plea demanding the immediate consumption of one of the basic food groups every human being needs to properly function in the morning: Pancakes. [via gizmodo]

Rodney was arrested on October 18 as a suspect in two crimes. He declared himself innocent and Robert Reuland—his defense lawyer—found the key to free him: "Where's my pancakes?"

That seemingly inconsequential Facebook status update proved crucial when the Californian company confirmed that someone wrote it from his father's Harlem apartment computer, using Rodney's user and password at around the time of the alleged crime: Saturday October 17, 11:49am.

Of course, you can argue that anyone with Rodney's password could have written the status update, while the 19-yo went on to commit two crimes, but his defense lawyer and the district attorney disagree:

A spokesman for Brooklyn's District Attorney said the Facebook update served as the confirmation of the other alibis, namely Rodney's father and stepmother, who declared he was at their Harlem home at the time.

The most interesting thing in this case, however, is that this seems to be the first time in which social networking has been used to save the ass of someone, rather than nailing a really stupid thief.

Friday, 13 November 2009

AP IMPACT: Framed for Child Porn - by a PC Virus - ABC News