Tag: Malware
Spear Phishing: Is Your Boss a Whale?
Spear and whale phishing 1have been around for a while now, but recent social engineering efforts are focusing more on company executives. An example is this type of email: it certainly looks legit at first glance; even the phone number and address – right down to the floor number – are correct. But take a closer look at the URL used in the links: the real site has no relation to puzzlejs-mailing.com. (Jul 29, 2010)
My spam is different from your spam!
The type of spam you receive depends on many things, including your behavior on the net, how you use your email address, your position in a company and much more. As a software company executive I receive a very particular stream, one that is probably very different than what most people receive. Well, at least that's what our Security Operations team tells me. (Jul 22, 2010)
Sex, pills & scams
These three words reflect 90% of the spam traffic for May-June 2010. Between fake Twitter emails and classic Nigerian 419, there was a rise of new phishing attempts using .html attachment files. (Jul 15, 2010)
Organized Cybercrime
A month ago I read a fascinating book called McMafia 1by Misha Glenny 2. Glenny, a former BBC world correspondent, presents a terrifying yet eye opening look at how organized crime has progressed with Globalization over the last few decades. Glenny covers all the major illicit activities from global drug trafficking networks, to prostitution and human trafficking. One chapter in particular is dedicated to the future of organized crime and the fastest growing sector, cybercrime. (Jul 13, 2010)
Who’s responsible for Internet Security?
A couple of stories in the news today caught my attention because they have very opposite perspectives on tackling cybercrime and Internet security. First, the Australian government is thinking of making home computer users responsible for security1. They’re contemplating legislation to force users to install anti-virus programs and firewalls on their home computers before being allowed to connect to the Internet. (Jun 23, 2010)
Angelina Jolie wants to be my friend: The pitfalls of social media
I guess writing this blog brings some perks after all. I’ve been nominated to ‘represent [my] professional community’ for every possible Who’s Who list, Facebook invitations are coming in fast and furious, I’m getting offered all kinds of free product subscriptions, and, judging from my message content, I think my 15 minutes of fame have finally arrived! (Jun 09, 2010)
Interesting question from a customer: “Why should we block .EXEs?”
The majority of phishing attempts with drive-by-downloads try to entice you to download EXE files and run them locally. EXE files should always be blocked. You can open certain files on a case-by-case basis and in a very controlled fashion, but that’s the extent of it. (May 26, 2010)
Why can’t you stop this spam?
Maybe you’ve seen more spam hitting your Inbox over the past couple of months and wondering, “Why am I paying for filtering? This stuff is obviously spam – why can’t you guys stop it?” The main challenges of being in the spam filtering business are dealing with clients’ expectations on the one hand, and the sheer size of the spam/malware machine on the other. (Apr 16, 2010)
March Email Security News
A summary of links to recent articles that I have found interesting in the last few weeks. Includes my own commentary. (Apr 02, 2010)
Policy Compliance: Keep it Simple, Stupid!
Are you getting pressured to provide some sort of regulatory compliance rules to your business that will affect your network configuration, your email flow and your end users? Do you have to deal with SOX or HIPAA or GLBA, or ‘Oh Lord, not another Acronym’ regulation (we’ll call it the OLNAA) whose apparent sole purpose is to complicate your life? (Mar 24, 2010)
Catch a botnet by the tail
Catch a lizard by the tail and it will shed its tail and run free. This is a fun fact of nature (even more fun when you’re a kid) and a very clever trick to fend off a predator’s attacks. And did you know that if you try to catch a botnet, chances are the same thing will happen? (Feb 19, 2010)
“Love is in the air” ...or is it?
Ah, Valentine’s Day, the time of year when suddenly everyone is starry-eyed and declaring their love for one another. Our eagerness to please our loved ones tends to make us a little more vulnerable. And this makes us perfect prey to scammers who pounce on these vulnerabilities to spread their viruses and scams. (Feb 11, 2010)
Spam: Surveying the Surveys
Another year has passed and it seems everyone is busy publishing their year-end security reviews, survey results, and fearless predictions for the upcoming year. (Jan 20, 2010)
One phish, two phish, red phish, blue phish
Typical phishing messages purport to originate from various financial institutions, delivery services, Facebook, and so on, all with the aim of getting you to click the enclosed link and disclose some personal information that can be abused. (Dec 16, 2009)
What, me worry?
Incidents of cybercrime via malware and exploits are on the rise, but if this recent poll is to be believed, people are still too blasé about their Internet security. The Unisys Security Index: Global Summary report 1 revealed the following: “Concerns over security in everything from online shopping and banking to safety from computer viruses, as well as national security along with personal and financial security, were significantly down over what was recorded half a year ago for populations in the United States, the United Kingdom, Germany, Belgium, Brazil, Netherlands, Spain, Australia and New Zealand. (Nov 18, 2009)
The Future Of Email Security: Where Do We Go From Here?
There’s no denying that anti-spam filters are imperative in the fight against junk mail and malware, but no single solution is fool-proof. Employing anti-spam and virus filters, stronger passwords, encryption, and so on, are not enough to win the battle against the ever-increasingly sophisticated attackers. (Nov 04, 2009)
Drive by Downloads
This is a term I’m seeing more and more frequently in security-related web posts and, frankly, I thought it was fairly new. After doing some research, however, I found an article entitled, Anatomy of a “Drive-by-Download,” that was written in 2004 (!) by Eric L. Howes. Where have I been all this time? (Oct 21, 2009)
Who do you trust?
There were 2 major malware waves last week that caused a big impact. The first one involved the Outlook Notification virus, which some major AV providers were still unable to catch even after 12 hours in the wild. (Oct 19, 2009)
What’s the (cyber)world coming to?
Am I the only one who’s getting creeped out by the increasingly sinister tone of the latest cyberthreats making the rounds? Several news items from the past couple of days make me want to unplug my computer and forget I’d ever heard of the Internet. (Oct 07, 2009)
First Michael, now Patrick. Celebrity deaths yield new spam campaigns
So how does a celebrity's death result in more spam? Spammers take advantage of our thirst for information and know that we will be Googling for the latest news and gossip. (Sep 16, 2009)
