Archive for google

Spammers Defeat Google

Posted in Staying safe on March 10, 2008 by chopperarris

Google has met its match. Analysis of spam by men with machines has shown that 4.6% of all spam originates from Web mail-based services, and the proportion of spam from Gmail increased two-fold from 1.3% in January to 2.6% in February, mainly promoting adult-oriented Web sites. Yahoo! Mail was the most abused Web mail service, responsible for sending 88.7% of all Web mail-based spam.

Hackers have recently relied on new techniques for evading spam detection, which involve computationally solving anti-spam CAPTCHAs: mechanisms designed to eliminate the automated sign-up tools used by spammers by requiring the user to perform a task that can only be performed by a human.

Once hackers develop a computational method with a 20 to 30% success rate, they can use their botnets to create unlimited numbers of accounts on compromised services for spamming and phishing. Yahoo! Mail and Hotmail CAPTCHAs were first broken in July 2007. The increase in spam from Gmail this month may be indicative of similar success.

There are several approaches a spammer can take to defeat a CAPTCHA, whether using an algorithm, a ‘mechanical turk’ or a combination of the two. E-mail providers are feeling the pressure to keep pace, but they are limited to what a human can realistically solve, which creates ever more doubt about the long-term effectiveness of the CAPTCHA as a security mechanism for protecting email services from abuse.

Also in February, targeted Trojan attacks increased to approximately 30 per day, an increase of around 200% since the end of 2007. These attacks focus specifically on small numbers of targets in each incident, thus keeping below the radar of the wider security industry. One particular attack this month involved up to 900 targeted Trojans, primarily intended for named senior business executives worldwide, and made use of multiple attack vectors including compromised websites and malicious downloads.

It’s obvious online shifties are going to greater lengths than ever before to reach their targets. Not only are we seeing a significant increase in the number of targeted Trojan attacks, but they often appear to be based on prior intelligence gathered about their targets. At the same time though, more and more businesses are protecting themselves against potential threats by only allowing employees to access pre-approved Web sites.

In fact, there’s an increase in the number of Web sites blocked by businesses because they did not fall within an allowed list, rising by 12.9% from last month. By blocking unclassified Web sites, businesses can safeguard themselves against both new and existing potential threats. This is especially true of those Web sites which appear and disappear within 24 to 48 hours, and which are often used for phishing, spam, Trojans and other fraudulent activities. In fact, 62.2% of all Web-based viruses and 82.5% of all spyware and adware were from this kind of Web site.
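The default-deny filtering described above, as an added example that is not part of the original post: a gateway-style check that permits only pre-approved sites and blocks everything unclassified, including lookalike hosts. The domain names and function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed allow list; a real gateway would load the approved sites
# from its own policy configuration.
ALLOWED_DOMAINS = {"example.com", "intranet.example.org"}


def normalise_host(url):
    """Return the lower-cased host a browser would contact, or None."""
    try:
        parts = urlsplit(url if "://" in url else "http://" + url)
    except ValueError:              # malformed input, e.g. broken IPv6 literal
        return None
    if parts.scheme not in ("http", "https"):
        return None
    host = parts.hostname           # drops any "user@" prefix and the port
    if not host:
        return None
    return host.rstrip(".").lower()


def is_allowed(url, allowed=ALLOWED_DOMAINS):
    """Default deny: permit only an approved domain or one of its subdomains."""
    host = normalise_host(url)
    if host is None:
        return False                # unparseable input fails closed
    labels = host.split(".")
    # Compare whole DNS labels so "evil-example.com" and
    # "example.com.evil.net" do not match "example.com".
    return any(".".join(labels[i:]) in allowed for i in range(len(labels)))


def filter_requests(urls, allowed=ALLOWED_DOMAINS):
    """Split a batch of requested URLs into (permitted, blocked) lists."""
    permitted = [u for u in urls if is_allowed(u, allowed)]
    blocked = [u for u in urls if not is_allowed(u, allowed)]
    return permitted, blocked


if __name__ == "__main__":
    # Constructed sample requests.
    sample = [
        "https://www.example.com/login",
        "http://example.com.evil.net/",     # approved name used as a prefix
        "http://example.com@evil.net/",     # approved name in the userinfo part
        "http://192.0.2.10/update.exe",     # unclassified raw IP address
    ]
    ok, denied = filter_requests(sample)
    print("permitted:", ok)
    print("blocked:", denied)
```

Because the decision depends only on membership of the approved list, a site that appears and disappears within 24 to 48 hours is blocked without ever having to be classified as malicious.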

The Storm botnet has also continued to be a significant force in driving spam in February. For the first time it has been used to send spam touting VXPL, a drug promising male sex organ enlargement (don’t bother, I’ve tried it and it doesn’t work -Ed!), and nicotine patches, likely tapping into a seasonal increase in smokers trying to quit. At the same time, there was an increase of activity from Storm to further compromise computers, making up more than 96% of this month’s email-borne malware linking to malicious sites.

Hacking Utility Overlay For Google

Posted in Staying safe on February 27, 2008 by chopperarris

We’re all being warned to protect our data at all costs following news that the Cult of the Dead Cow hacking group has released Goolag Scan, a hacking utility overlay for Google. Lock up your daughters and head for the hills …

Advanced Google searching has been known about in security circles for some time, but it has been a highly specialised and technical topic that is definitely not for non-programmers. What Goolag Scan does is to allow even a novice to scan Google for interesting and normally hidden Web-based data, using more than 1500 customised Google search routines. Data which can be revealed by the Windows-based application reportedly includes passwords on application servers, credit card numbers and allied databases held on Web-accessible portals, company e-mail records and audit logs, and a variety of other company confidential information.

Companies protect their Web-based and Internet gateway-accessible data using ID and password systems, but the actual data pages are often unprotected. Even though the pages are not indexed in the standard sense, Goolag Scan can prise the data out into the open and allow standard keyword searching on those pages. While some security sources have played down the importance of Goolag Scan’s development, it shows the increasing sophistication of hackers and really proves the point that geeks can’t get laid - otherwise they’d have much better things to be doing with their time!

Advanced hackers can now pass on their abilities to novice or newbie hackers using quite complex applications. The bad news (depends on how you look at it I suppose) is that the altruistic nature of the non-criminal hacking community is such that these applications are being offered for free.