Malware using search engines to spread

March 8, 2008 – 6:27 PM

Internet search engines are now one of the commonest means by which malware spreads, a new study has suggested.

The study, carried out by McAfee’s spyware expert Ben Edelman using the company’s SiteAdvisor tool, analysed common searches on all the Net’s major search engines: Google, Yahoo, MSN, AOL and Ask.

The results make sobering reading. Between January and April of this year all surveyed engines returned numerous sites that could be classified as “risky”. At times the risky site percentage reached 72 percent of returned sites for apparently innocuous searches such as “free screensavers,” “digital music,” and “popular software”.

MSN emerged as the best of the bunch with 3.9 percent of risky sites returned overall, with Google on 5.3 percent and Ask the worst at 6.1 percent.

The report claims US consumers are now making 285 million clicks to hostile sites each month as a result of search engines alone, a figure which is an extrapolation of the estimated 5.7 billion searches made by the US population over the same period.

Sponsored links – the commercial frontline for search engines – were particularly prone to malware subversion, returning between two and four times as many risky sites as unsponsored links.

The results held true, regardless of which page was analysed. Page one results were only moderately safer than page 2-5 searches.

“As we look at the web, we see many instances when search engines lead users to dangerous content,” the report says. “Our analysis of search engine safety finds bad practices among 5 percent of search results for popular keywords, or roughly one site per page of search results.”

McAfee blames the search engines’ push to earn as much money as possible without considering the implications of malware evolution.

“Profit motivations have shifted search engines’ ranking methodologies. Prominent results often reflect solely a site’s willingness to pay rather than its quality, relevance, or safety,” it says. “Some analysis indicates that search engines make big money selling ads to untrustworthy sites – many millions of dollars each year.”

The report cautions against reading the risk rates as low, rightly pointing out that becoming infected with even a single piece of malware can be disastrous for the average consumer.

http://www.techworld.com/security/news/index.cfm?RSS&NewsID=6001

Webroot uncovers thousands of stolen identities

March 8, 2008 – 6:26 PM

Spyware researchers at Webroot Software have uncovered a stash of tens of thousands of stolen identities from 125 countries that they believe were collected by a new variant of a Trojan horse program the company is calling Trojan-Phisher-Rebery.

The FBI is investigating the stolen information, which was discovered on a password-protected FTP (File Transfer Protocol) server in the U.S. and is believed to be connected to a Trojan horse that is installed from the Web site teens7(dot)com. The information, organized by country, includes names, phone numbers, social security numbers, and user log-ins and passwords for tens of thousands of Web sites, according to information provided to InfoWorld by Webroot.

The discovery is just the latest evidence of rampant identity theft by online criminals who use malicious Web sites, common software vulnerabilities and keylogging software to harvest information from unsuspecting Web surfers.

The Trojan was discovered on April 25 by Dan Para, a member of Webroot’s Threat Research Team, who was investigating one of a number of malicious files installed using “drive by downloads” from the teens7(dot)com Web site. In drive by downloads, software vulnerabilities in Web browsers are exploited so that malicious software can be pushed down to the machine running the Web browser, usually without any warning to the computer’s owner.

The Rebery malicious software is an example of a “banking” Trojan, which is programmed to spring to life when computer owners visit one of a number of online banking or e-commerce sites, said Gerhard Eschelbeck, CTO at Webroot.

Webroot notified the FBI after it discovered the stolen information, which had been groomed and organized in folders by country where it was “ready to be sold,” Eschelbeck said. The stolen data was hosted on an FTP server hosted by nLayer Communications in New York, according to Webroot. However, the company does not know who is behind the scam, Eschelbeck said.

“It’s probably an individual who set it up,” said Eschelbeck. However, it is unlikely that the individuals running the Web site or hosting the FTP server have any direct knowledge of the scam, he said.

Rebery is still “running wild” on the Internet, Webroot said. The company believes there are more than 12,000 systems infected with the Trojan, 1,200 of them in the U.S.

The stash of stolen identities is just one of many that have been uncovered in recent months, as identity theft has evolved into a lucrative operation for online criminal groups.

Researchers at antispyware firm Sunbelt Software have also uncovered stashes of stolen information harvested by keyloggers on more than one occasion, and company employees have, in the past, informed some consumers that their identities have been stolen.

Catching the perpetrators is a different matter, however. Often, criminals conduct their affairs from afar, connecting to their servers through one or more compromised machines, which are often scattered around the globe, making criminal investigation and enforcement difficult, experts say.

http://www.infoworld.com/article/06/05/09/78139_HNTrojanrebery_1.html

Used Hard Drives Retain Data in eBay Sale

March 8, 2008 – 6:26 PM

Anybody with five bucks and a little patience may be able to score sensitive corporate data on eBay.

Organizations engaging in the common practice of disk drive recycling–selling unneeded disk drives directly or through a service–may find that company data winds up for sale on eBay’s auction site, even if the drives have been wiped first.

Idaho Power found itself in that situation last week as it attempted to track down unscrubbed company disk drives that had been sold on eBay.

The drives contained confidential employee information, correspondence with customers, and memos that discussed proprietary company information, the company said.

The Boise, Idaho-based utility supplies electricity to approximately 460,000 customers in southern Idaho and eastern Oregon.

Idaho Power said it hired Grant Korth of Nampa, Idaho, to recycle about 230 SCSI drives. Korth sold 84 of those drives to 12 parties, which have not been disclosed by the company, using the eBay Web site. The remaining 146 drives were returned to Idaho Power, the company said.

Korth declined to comment on the situation.

Search and Retrieval

Idaho Power has received assurance from ten of the 12 parties that bought drives over eBay that the hardware would be returned or the data on them would not be saved or distributed. The other two parties are still being tracked down, the company said.

An Idaho Power spokesperson said the company has hired a Seattle law firm, Blank Law & Technology, to launch an investigation to determine what information was on the affected drives and why they weren’t scrubbed as required.

Typically, Idaho Power either destroys drives or scrubs them to Department of Defense standards, the spokesperson said. In this case, the salvage vendor was to have scrubbed the drives to DOD standards, he said.

The company said it will not know what regulatory penalties it may face until the investigation is completed.

In the meantime, Idaho Power has implemented a new policy that calls for drives to be destroyed rather than sold for salvage. That’s the type of policy advocated by Simson Garfinkel, a postdoctorate fellow at Harvard University’s Center for Research on Computation and Society who has researched the issue.

“The resale value of a hard drive is really minuscule,” he said. “These things are worth $5 to $20 each. I don’t think anyone’s buying them on the secondary market for extortion, but you never know.”

Frances O’Brien, an analyst at Gartner, said the distribution of drives carrying unscrubbed data is commonplace. “It happens all the time,” she said. Typically, a user either doesn’t know to clean the drives or doesn’t do it correctly, she said.

Aside from the financial concerns related to losing data, organizations that improperly recycle disk drives can run afoul of a number of federal regulations, such as the Sarbanes-Oxley Act and the Health Insurance Portability and Accountability Act, O’Brien said.

In addition, such incidents could lead to significant penalties in states like California and New York that have broad privacy regulations, said Robert Houghton, president of Redemtech, a Columbus, Ohio-based outsourcer.

When a company hires an outsourcer–which is a practice Gartner recommends–it needs to be aware of the outsourcer’s methods for cleansing data, O’Brien said. “If everyone else is charging $20 and someone says they’ll do it for $2,” he said, “you’ve got to wonder why.”

http://www.pcworld.com/news/article/0,aid,125662,tk,dn050906X,00.asp

Linksys Rolls Out Faster Wi-Fi Products

March 8, 2008 – 6:25 PM

The biggest seller of home wireless LAN equipment is set to launch its gear for the next technology generation on Monday, introducing three products based on a draft of the IEEE 802.11n standard.

The still-emerging standard is designed to deliver at least 100 megabits per second of real throughput. That’s more than most wired Ethernet connections and with its improved range is enough to send multiple high-definition video streams throughout a typical home, according to Cisco Systems’ Linksys division. The Irvine, California, company is set to launch a wireless router, notebook card, and gateway on Monday.

Vendors are lining up to offer consumers equipment based on a preliminary version of the standard even though they can’t guarantee it will work with other early products. But unless a consumer is already doing huge downloads or trying to send video over a wireless LAN, it makes more sense to wait until next year for lower prices anyway, according to ABI Research analyst Mike Wolf.

The WRT300N Wireless-N Broadband Router and WPC300N Wireless-N Notebook Adapter are available online immediately from BestBuy.com and coming to other retailers soon. The router has an estimated street price of $150 and the PC Card is expected to sell for $120, double or more the prices of standard consumer 802.11g gear, which has a theoretical top speed of 54 Mbps.

More to Come

The products are just the first of a series of offerings to be based on the draft 802.11n standard, according to Cisco. Also Monday, the company is announcing a DSL gateway with the new technology, shipping in Europe starting May 15, Cisco said. Other products in the Wireless-N family, for both homes and small businesses, will come in the second half of this year.

All the draft 11n products are backward compatible with the current 802.11b and 802.11g specifications and certified by the Wi-Fi Alliance industry group for that capability, said Malachy Moynihan, vice president and general manager of Linksys’ home networking unit. The products also include WPA (Wi-Fi Protected Access) encryption for security.

Support for home wireless video, which is not widely used with current wireless LANs, will be the major benefit of 802.11n, ABI’s Wolf said. Developments such as AT&T’s April 18 deal to send Akimbo Systems video-on-demand content over DSL indicate that the vision of converged computing and entertainment is moving forward, he said. In addition to streaming content between a PC and a wireless LAN-equipped TV or set-top box, consumers with high-speed wireless will find it easier to take matters into their own hands, he said.

“People are just going to send their own recorded shows onto their portable devices,” such as mobile phones and game players, he predicted.

Linksys hopes buyers will be able to upgrade to the final standard with software, but can’t guarantee it, Moynihan said. Interoperability among products will be a more complicated question under 802.11n than with earlier standards, he said. The standard lets vendors use different numbers of radios and antennas, so various combinations of products will be capable of different speeds. There may also be optional elements added to the standard to handle mobile-device issues such as roaming and power management, he added.

http://www.pcworld.com/news/article/0,aid,125515,tk,dn042406X,00.asp

How Common Is Identity Theft?

March 8, 2008 – 6:24 PM

Wondering how likely you are to have your credit card number stolen? Well, according to a comprehensive survey conducted by the U.S. Department of Justice (DOJ), identity theft is affecting millions of households in the U.S. each year and costing an estimated $6.4 billion per year.

About 3 percent of all households in the U.S., totaling an estimated 3.6 million families, were hit by some sort of ID theft during the first six months of 2004, according to DOJ data released this week.

The data comes from the Justice Department’s National Crime Victimization Survey, which interviews members of 42,000 households across the country every six months to better understand the nature, frequency, and consequences of crime. Households that participate in the survey are selected at random and then interviewed by DOJ statisticians twice a year for three years.

The DOJ has been compiling this information for more than 30 years, but this marks the first time it has asked households about identity theft, said survey author Katrina Baum, a statistician with the Justice Department’s Bureau of Justice Statistics.

Common Consequences

According to the DOJ’s numbers, credit card misuse is the most common consequence of identity theft. It accounted for about half of the cases of identity theft that the survey tracked, Baum said.

Of the other identity theft victims, about 25 percent had banking and other types of accounts used without permission, 15 percent had their personal information misused, and about 12 percent faced a combination of several types of ID theft.

The average loss from these crimes amounted to $1290, with two-thirds of respondents saying that the theft cost them money. Based on these numbers, the nationwide estimated loss during the six months of the study amounted to $3.2 billion, for an annualized total of $6.4 billion.

The young and the well-to-do appear to be more at risk for identity theft, according to the DOJ numbers. Households headed by people between 18 and 24 years of age and those with incomes of $75,000 or more were the most likely to experience identity theft. Households in urban and suburban areas were also more likely to be affected.

According to Baum, 5 percent of households earning more than $75,000 per year experienced this kind of crime. “It’s usually a phenomenon that’s experienced by the young and those in urban households,” she said. The survey did not explore why this is the case.

The “Identity Theft 2004” report is available online.

More information on the National Crime Victimization Survey can be found online.

http://www.pcworld.com/news/article/0,aid,125291,tk,dn040306X,00.asp