Shaun Nichols in San Francisco, V3.co.uk, Friday 27 August 2010 at 02:07:00

Security experts are issuing warnings following the discovery of a malware
scam using email attachments.

The attack uses emails claiming to be from delivery service FedEx. The
message claims that the user was unable to receive a package due to an address
error and instructs users to print out an attached form to claim the package.

The attachment, however, contains a malicious .zip file which, when opened,
triggers the malware attack. Security firm Sunbelt Software
identified
the malware as zbot.

Sophos senior technology consultant Graham Cluley said that the attack shows
an interesting twist on the common tactic of hiding malware trojans as email
attachments.

“Unlike many of the other Fedex-related malware attacks we have seen in the
past, the emails carry the message about the failed delivery in the form of an
image rather than text, possibly in an attempt to try to defeat more
rudimentary anti-spam filters,” Cluley said in
a
blog post.

Users are being advised to use common security best practices such as
avoiding suspicious messages and not loading unknown or suspicious file
attachments.

Shaun Nichols in San Francisco, V3.co.uk, Thursday 19 August 2010 at 02:20:00

Facebook has taken down multiple fake pages following the discovery of a
massive survey scam.

Security firm Sophos said that the scam spread through the social networking
site’s ‘Share’ function, which allows users to display web pages with contacts
on Facebook.

The scam began by offering users a page called “Top 10 funny t-shirt fails.”
Upon clicking the page, the user is asked to fill out a short “verification”
process which concludes with sending the user to a number of third party survey
sites.

In the process, the page uses a script to access the user’s ‘Share’ button,
reposting the link on the user’s news feed and putting everyone on the user’s
friend list at risk of attack.

Additionally, one of the survey sites asks for mobile phone numbers which are
used to subscribe the user to premium text messaging services.

“Instead of tricking the user into liking something, it tricks them into
using the Facebook ‘Share’ feature without requiring the user to acknowledge the
fact that they are sharing it,” said Sophos researcher Onur Komili in a
company
blog post.

The technique is similar to a scam
spotted
on a Facebook earlier this year. That attack covertly activated the user’s
‘Like’ button to spread scam pages on the social networking service.

V3.co.uk staff, V3.co.uk, Friday 30 July 2010 at 14:28:00

The big hit with V3.co.uk readers this week was our run down of the
top 10 best and worst things about Facebook, one of which has to be the fact
that it was ‘easy’ for a hacker to expose details on 100 million Facebook
accounts.

This was followed by the news that IPv4 addresses will run out in under a
year, Apple’s rollout of the iPhone 4 to a further 17 countries, and HMV’s
aggressive move into the digital download market.

News from the Black Hat conference was also popular, particularly an ATM hack
and the introduction of DNS Security Extensions.

Meanwhile, T-Mobile and Vodafone have started promoting Nokia’s N8
smartphone, and Apple’s share of the smartphone market has dipped slightly.

Top
10 best and worst things about Facebook


What we like and loathe about the site

IPv4
addresses to run out in 12 months


Stark warning for the IT industry

Apple
sets out plans for iPhone 4 expansion


Handset will debut in a further 17 countries

HMV
goes digital in competition with iTunes


High-street store offering Top 40 singles for 40p each

Mobile
operators begin Nokia N8 push


T-Mobile and Vodafone offering sign-up for Nokia’s make or break smartphone

Black
Hat: Hacker makes ATMs spew money


Barnaby Jacks demonstrates ‘easy’ attacks on cash machines

National
Crime Agency could replace Soca


Cyber crime, child online protection and internet surveillance could all be
under one roof

100
million Facebook accounts exposed


‘Hack’ highlights users’ lax approach to privacy

Black
Hat: Internet gets ‘biggest upgrade since World Wide Web’


DNS Security Extensions could cripple man-in-the-middle attacks

Apple
loses ground in the smartphone market


Overall sales are buoyant, says analyst, but Apple’s share dips

Iain Thomson at Black Hat 2010 in Las Vegas, V3.co.uk, Wednesday 28 July 2010 at 22:08:00

The founder of the Black Hat conference has told delegates that the Secure
Sockets Layer (SSL) encryption used in the majority of e-commerce is broken.

Jeff Moss was also scathing about the general state of internet security for
businesses and consumers.

“Thirteen years down the line since the first conference, and we’re still not
able to conduct business online,” he said. “SSL is broken and, while it’s great
to see things are going better now, it’s a long way down the line.”

However, security specialist Dan Kaminsky disagreed, insisting that SSL is
still useful.

The situation is not perfect, according to Jane Holl Lute, US Deputy
Secretary of the Department of Homeland Security (DHS), but the US government is
working to sort out problems and make cyber space safe for citizens.

Lute told delegates in her keynote that securing cyber space is one of he
department’s key remits. “Wars end lives, but cyber space destroys them,” she
said.

The speed of technological advancement is such that the tools available now
are almost beyond our ability to use them, Lute told delegates, although she
doubted that this is true in the long term.

A comprehensive cyber security exercise will be carried out this autumn, and
the DHS is gearing up for major moves to protect the online infrastructure of
the US and the world, said Lute.

Miya Knights, V3.co.uk, Monday 26 July 2010 at 12:46:00

Microsoft has revealed its web browser spam filter technology has stopped its
one-billionth piece of malware from being downloaded.

Internet Explorer 8′s (IE8′s)
SmartScreen
Filter uses URL reputation-based anti-malware technology to warn users if
they are visiting web sites hosted by servers known to distribute unsafe
content.

James Pratt, Internet Explorer business and marketing senior product manager,
said the milestone was evidence of continued investment in the browser’s
back-end service since IE8 was released in March 2009.

“Your browser needs to continually enhance and improve its service,” noted
Pratt in a
blog
posting. “We have got better and better at blocking malware through the
SmartScreen Filter.”

Pratt was also quick to point to figures from
Net
Applications released last week that gave IE8 a total browser market share
of nearly 26 per cent.

The
last
milestone for SmartScreen Filter was announced in August 2009, when
Microsoft said 80 million malicious downloads had been blocked.

Rik Ferguson, senior security advisor for
Trend
Micro, told V3.co.uk that, by comparison, his firm’s Smart
Protection Network received 45 billion daily requests and blocked 4.3 billion
queries a day.

“Out technology works in a similar fashion to the SmartScreen blacklists,” he
said. “But it works across emails, URLs and other malware files because all
threats operate on multiple vectors.”

Like Ferguson, senior technology consultant for
Sophos Graham
Cluley conceded that it was good to see browser software developers like
Microsoft and Mozilla add more malware protection in at the back end for users.

“More and more malicious software is distributed via the web,” Cluley said.
“Technology like the SmartScreen Filter is a good thing because many users don’t
keep their anti-virus software up-to-date.”

But he added it was no substitute for full anti-virus software protection.

Shaun Nichols in San Francisco, V3.co.uk, Friday 23 July 2010 at 03:50:00

Spammers are increasingly making use of URL-shortening services to get their
messages through to users, reports MessageLabs.

The security firm said in its July intelligence report that the service are
being used in record numbers by spam botnet operators as a way to evade
anti-spam filters.

While the tactic has been in use for more than a year, MessageLabs said that
the services are increasingly being used by spammers and botnet operators. In
June the company found that on 14 days URL-shortening services accounted for
more than 0.5 per cent of all spam.

“The average volume of spam containing shortened URLs has increased and
MessageLabs Intelligence is seeing more days where shortened URLs are included
in significant volumes of spam,” the company said in the report.

“This indicates adoption of shortened URLs in spam is becoming a sustained
spamming tactic rather than an occasional use tactic.”

Among the heaviest users of the tactic has been the Storm botnet. The company
found that the botnet contributed more than 11 per cent of all URL-shortened
spam messages.

Overall, MessageLabs reported that spam levels were down slightly from last
month, accounting for 88.9 per cent of messages. Malware-laden messages and
phishing attacks were also down slightly from June levels.

The company estimated that it in June one in every 306.1 emails contained
malware, while one out of every 557.5 emails was a phishing attempt.

Shaun Nichols in San Francisco, V3.co.uk, Thursday 15 July 2010 at 02:46:00

The infamous Zeus malware botnet has begun harvesting user bank data by
posing as a credit card verification scheme.

Security firm Trusteer said that the malware has been injecting phishing
pages into user systems which harvest bank details along with personal
identification information. The pages claim to be from the bank and ask the user
to fill out an “enrolment form” for the ‘Verified by Visa’ or Mastercard
‘SecureCode’ security programmes.

The Zeus botnet has built up particular notoriety for its phishing practices.
Rather than attempt to redirect users to infected sites or phishing pages, the
malware embeds itself within the system and then generates phishing pages
locally.

According to Trusteer, the malware is now waiting for the user to log into
banking sites, and then generating the phishing pages which the malware claims
to be from the user’s own bank. Trusteer said that the attack currently targets
customers of at least 15 US financial institutions.

The stolen account data is then used to register accounts with the services
and perform fraudulent transactions.

While Zeus has commonly been linked to financial fraud operations, the
malware has performed other activities. Earlier this year the botnet made
headlines when it moved from collecting financial data to
harvesting
information from government workers.

The infections have continued
despite
increased efforts to shut the botnet down. Trusteer estimates that the
malware may infect as many as one out of every 100 machines.

Sharon Brennan, V3.co.uk, Friday 9 July 2010 at 12:31:00

Google chief executive Eric Schmidt believes that the company’s Chinese
licence will be renewed, despite ongoing tensions with the Chinese government.

Schmidt claimed at an industry event in Sun Valley that Google “now expects
to get a renewal”, according to a
Reuters
report.

China’s Ministry of Industry and Information Technology said on Wednesday
that it is reviewing Google’s licence renewal application, but gave no deadline
for completion, nor did Schmidt offer a date during his comments.

Tensions rose between Google and the Chinese authorities in January when the
company decided to
stop
censoring its Chinese search services following cyber-attacks on Gmail
accounts belonging to human rights activists.

Google has since been redirecting visitors to Google.cn to a site hosted in
Hong Kong.

The firm said last week that it will
stop
this automatic redirect, as the Chinese government found it “unacceptable”
and Google’s licence “will not be renewed” if the redirect continues.

Google submitted its Chinese internet content provider licence renewal
application at the end of last month based on an “alternative” system.

Chinese visitors will be taken to a landing page on Google.cn that links to
Google.com.hk “where users can conduct web search or continue to use Google.cn
services like music and text translate”.

Shaun Nichols in San Francisco, V3.co.uk, Thursday 1 July 2010 at 22:06:00

A sophisticated malware operation targeting defence contractors has been
uncovered.

Researchers at Symantec Hosted Services said that the operation involved
compromising the site of one firm and then using the hacked site to host a
malware attack on another contractor.

The attack began when the first company’s site was compromised and embedded
with a landing page and obfuscated exploit code. The attackers then sent out a
series of emails to employees of a second firm claiming that the company’s
chief executive had been arrested by US authorities.

When the targeted users clicked on an included link, they were directed to
the compromised site of the first company, which then attempted to exploit a
recently-disclosed
vulnerability in the Windows Help component and infect users with an
assortment of malicious software.

Symantec Hosted Services senior malware analyst Martin Lee told
V3.co.uk that the sophistication and complexity of the attack was
particularly noteworthy.

“This is a very professional attack by someone who really knows what they are
doing,” Lee said. “We see an awful lot of targeted attacks in which the
malicious binary is attached to the email, and we have also seen targeted
attacks that include a link to download, but what we have not seen before is
hacking another company’s web site – a very reputable second contractor – and
hosting that binary on their site.”

Malware attacks on corporate targets have been the cause of some of the
biggest security stories this year. In January, news broke of a massive spyware
attack known as ‘Operation Aurora’ that targeted more than 30 firms.

Reports of the attack and its eventual tracing back to systems in mainland
China led companies to
re-think
their security strategy and
created
diplomatic tensions between the US and Beijing.

Shaun Nichols in San Francisco, V3.co.uk, Friday 4 June 2010 at 22:54:00

The release of a new novella in the popular ‘Twilight’ series could spark a
malware outbreak, say security experts.

Security vendor PC Tools issued a warning to users in advance of the release
of author Stephenie Meyer’s new title “The Short Second Life of Bree Tanner.” A
digital version of the book is scheduled to be released on the web 7 June.

The company warned that the ‘Twilight’ author’s latest release could find its
way onto the web as a PDF file which could be compromised by malware writers to
contain malicious Javascript code and infect users with malware.

PC Tools said that the threat of ‘poisoned’ e-book files has increased with
the growth of reader tablets and other devices which can be used to read digital
titles.

“They will exploit the online searches to find ways to infect computers with
malware and new threats,” the company said.

“Eager fans searching for early sneak peeks will also be targeted.”

The company is recommending that users only download the title from trusted
sources, scan all downloads before launching and be wary supposed e-books which
come as executable files.

Iain Thomson in San Francisco, V3.co.uk, Saturday 29 May 2010 at 04:31:00

US federal prosecutors have filed charges against three men for tricking
internet users into buying over $100m (£69m) worth of fake security software.

The three men are alleged to have set up a company called Innovative
Marketing, which sold software such as DriveCleaner and ErrorSafe for around $50
(£34) a time.

The software scans a user’s system, purports to have found malware and then
offers to remove it for a price.

Bjorn Daniel Sundin, 31, a US citizen believed to be living in the Ukraine,
Shaileshkumar P. Jain, 40, a Swedish citizen thought to be living in Sweden, and
James Reno, 26, of Amelia, Ohio, are accused of creating several fake
advertising agencies that booked $85,000 (£58,000) worth of legitimate space
which was never paid for.

Users clicking on the adverts were redirected to a web site which initiated
the scareware selling process.

The trio is also alleged to have used the adverts to sell fake
pharmaceuticals, and have each been formally charged with computer fraud and
conspiracy to commit computer fraud as well as multiple counts of wire fraud.

If found guilty they face a maximum sentence of 20 years in prison and a
$250,000 fine for each case of wire fraud. The authorities are seeking to
recover the profits from a Ukrainian bank.

Editor’s note: Should media sites become group buying sites as well? Guest author Dave Chase thinks so.  He was a marketing executive and general manager at Microsoft in the 90’s including starting Microsoft’s healthcare business. After leaving Microsoft, he has been involved in Internet startups including a social commerce company in the health sector that is in stealth.

If there’s one thing we’ve learned from the Internet it is that if a middleman doesn’t add enough value, their days are numbered.

Media companies may not have thought of themselves as middlemen—but that’s what they have been for marketers. When I used to buy advertising a decade or so ago, I felt it was my job to do what I could to get the media provider out of the middle between my company and the customers we desired. For example, we did a lot to drive a direct relationship including encouraging them to register with us so we could communicate with them directly later—first through e-mail, now it would be via a Facebook page or Twitter.

Back then, there was more than enough ad revenue for the media company to sustain their business—so much profit, in fact, that some companies got complacent. Just as railroad companies should have realized they were in the transportation business rather than the railroad business (and thus they missed the opportunity to get into the auto or air transportation business), media companies should recognize their business purpose is to connect their audience with products and services the audience desires. Without that business purpose, they can’t fulfill their editorial mission.

The traditional mission of a media business is to collect a loyal audience with high quality information, and let the advertisers worry about how to sell stuff. The media companies sold the audience.

Retailers historically aggregated consumers for product makers—for example, giving Proctor & Gamble a way to sell to people in Poughkeepsie . But most didn’t add a lot of value beyond offering consumers product selection and price. Retailers such as Best Buy have realized that and have started to add other value to the experience (e.g., the Geek Squad). Meanwhile, one of the retailers’ biggest costs has been advertising—circulars, broadcast advertising or something else.

Today, media companies on the Web aggregate consumers around specific interests and product niches (technology, cooking, travel, music, movies, sports, finance) much more efficiently. I believe today’s media companies will need to get directly involved in commerce to ensure a sustainable business model. The Times (UK) and Burda (Germany) are both reported to be realizing a substantial portion of their profits from direct commerce enabled from their websites selling 3rd party travel packages and other goods and services. Local media companies such as the Washington Post are either partnering with group-buying sites such as LivingSocial or rolling out their private label competition to Groupon and LivingSocial.

Some traditionalists may shudder at this blurring of church and state lines. However, the trusted relationships media companies and retailers historically aspired to have is more important than ever in this age of transparency. A company that shills for inferior products will be outed immediately. Conversely, a company that provides entertaining, inspiring and informative content and allows consumers to more easily find and complete a transaction for the best products and services is providing a great service to their readers.

The byproduct for traditional media businesses unwilling to make these moves is self-evident. It’s not hard to see this in action as you pick up your ever-shrinking newspaper that isn’t covering the topics it once did. In other words, their editorial mission is suffering due to sticking to their traditional ways.

Once again, traditional media run the risk of being slow to adapt. In some regards, smart media companies need to think more like retailers. That is, get directly involved in the transaction that they are only indirectly touching today. Rather than let the next eBay or craigslist form independently, they should get actively engaged in some of these new models:

1. Private Sale business: Companies such as Gilt Groupe and Ruelala are experiencing phenomenal growth. These insider-ish member based businesses borrow from outlet-mall sample sales to create great value for the consumer. In a nutshell, they have a member list to which they send “flash sales.” Those sales are typically 72 hour in length, and the consumer gets access to curated merchandise at 50-75% off of retail. Yet another example is private sale pioneer, France-based Ventee-privee, which is approaching $1B in annual sales and like the others is highly profitable.
2. Group Buys: Groupon and LivingSocial are seeing tremendous growth tapping people’s social networks to present consumers with great deals that still make sense for merchants. Group-buying sites have also gained investor interest because of their compelling economics as you can see for Groupon and LivingSocial.

While these trends can span both local and national media properties, I believe that the private sale business is a great fit for a national publication. National publications tend to be focused on a particular topic area whether they are gadget blogs, design site, or parenting magazine. Here are a few examples:

• Wouldn’t Zulily (a private sale site geared toward young children’s clothing) bolted on to Parents Magazine grow far more quickly and still be a good fit with Parents Magazine’s audience mission?
• Vogue has partnered with Gilt Groupe to “shop the issue” at http://vogue.gilt.com/.
• Daily Candy has launched their own Sample Sale.

Meanwhile, local media is a natural fit for group buys—the group-buying phenomenon is largely local. Already we have seen Groupon work with Metromix and LivingSocial partnering with the Washington Post. Group-buying programs can grow much faster by piggybacking the daily or regular habit most consumers already have with various local news properties.

National media will have to be more careful not to cross journalistic lines. It will be relatively easier for local media as most of the group-buying categories don’t directly relate to their editorial focus with the exception of special sections such as travel. The value of the local media isn’t terribly different than the traditional model – i.e., aggregating a large, local audience. However, they are taking the additional step of closing the transaction.

Those of us who have sold media understand how successful private sale and group-buying programs can avoid the common scenario of trying to explain to an advertiser that the media property achieved the agreed upon objective (i.e., exposing consumers to the merchant’s offerings) but it may have been the merchant who didn’t do their end of the bargain very effectively. These social commerce programs can avoid a common problem with ads – the lack of measurability, and the inevitable disagreements between the merchant and the publisher over the effectiveness of the ads.

Some believe this model of commerce will die out as the economy recovers. I disagree. Product purveyors have always had extra inventory they need to unload. Further, the private sale approach allows them to do it in a way that they don’t perceive damages their brand even if they have premium positioning.

Likewise, in the local arena where popular group-buying categories such as restaurants and service providers (spas, dentists, etc.) are having great success, those organizations previously employed the “spray and pray” method of advertising with little idea whether it was working or not. With group-buying, they not only get a directly measurable transaction closed, they get what amounts to free advertising even for people who don’t purchase, since the group-buying sites amount to a quasi city guide. Groupon states in their marketing that 9 out of 10 businesses who have used them state that Groupon customers are among their “new regulars”. That puts this model in the no-brainer category for many local media.

Photo credit: Flickr/ Tilo Driessen

Shaun Nichols in San Francisco, V3.co.uk, Wednesday 5 May 2010 at 03:23:00

VirusBulletin has posted the results of its latest round of anti-spam tests.

The security publication said that of the 21 products tested as part of its
May VB Spam report, 18 were able to claim certification as having passed.

The test pits products against a collection of spam messages and grades
products both based on the ability to block spam messages while avoiding “false
positive” blocks on legitimate messages.

A final score is calculated by multiplying the false positive percentage by 3
and then subtracting that number from the percentage of genuine spam blocked. To
pass, the product must receive a final score higher than 96.

The company said that of the 20 products that took the full test, 17 were
able to meet the criteria.

An additional product, the Spamhaus ZEN plus DBL blacklist, was classified as
a partial solution meant to be used alongside other products, and as such was
tested and given certification in a separate category.

Of the three products that did not pass the test, none recorded false
positive rates higher than 2 per cent or spam catching scores under 98 per cent.
Higher false positive rates appeared to prevent passing scores for MessageStream
and modusGate, each of which caught more than 99 per cent of legitimate spam.

Sunbelt’s Vipre offering scored slightly less than 98.5 per cent caught with
a false positive rate of under 1 per cent to fall short of certification.

Among the products placed the highest on the test’s ‘quadrant’ ranking system
were Microsoft Forefront, Libra Esva, Sophos, BitDefender and Symantec
Brightmail.

Shaun Nichols in San Francisco, V3.co.uk, Friday 23 April 2010 at 22:51:00

The Anti-Phishing Working Group (APWG) is running a new campaign to educate
users about the dangers of giving out credit card data online.

The group has constructed a simple campaign designed to mimic common data
harvesting operations in hopes of teaching users safe practices before they fall
victim to a real phishing operation.

The campaign centres around a phony credit monitoring site named
ismycreditcardstolen.com.
The site asks the user to enter credit card details and then determine whether
that account has been stolen.

After the user enters credit card details, however, the site redirects to
another page headlined “This was a test. You have failed it.”

“Your credit card details were not transmitted when you hit the submit
button. But don’t trust this claim without question,” reads the page.

“Find a technically-inclined friend to verify it for you. After all, you’ve
already been tricked once.”

To further spread the campaign and mimic an actual phishing scam, the page is
also being spread through Twitter postings.

In a twist of irony, however, many users may never see the landing page. The
site has already been reported and blocked by Mozilla’s anti-phishing system,
which reports the site as a known web fraud.

Shaun Nichols in San Francisco, V3.co.uk, Saturday 27 March 2010 at 05:52:00

The notorious Zeus malware has been spotted masquerading as US tax documents.

Sans researcher Kevin Liston reported that the organization had been
receiving reports of unsolicited emails claiming to come from the United States
Internal Revenue Service (IRS.)

The emails claim that the user has “underreported income” on their tax
statements and urges the user to downloaded and run a linked file. The linked
file is an executable which infects the user with the ZeuS malware.

The technique is not new. In
recent
tax seasons users in both the US and UK have been targeted by social
engineering malware attacks masquerading as documents from tax authorities. The
IRS does not send official notifications via email and users are advised to
avoid any email messages claiming to be from the agency.

The attack is the latest attempt to infect users with the
Zeus
malware. Already gaining a level of infamy amongst the security community,
Zeus allows an attacker to locally edit HTML files on the user’s system turning
normally benign web pages into phishing sites and allowing the attacker to
harvest credentials without the knowledge of users.

Zeus is not operating without opposition, however. The security community has
begun tracking malware activity and has adopted a new strategy of notifying ISPs
of the illegal activity and having the servers hosting the botnet
shut
down at the provider level.

Shaun Nichols in San Francisco, V3.co.uk, Thursday 25 March 2010 at 23:29:00

A 23 year-old Frenchman accused of
infiltrating
Twitter systems and distributing corporate data has claimed that his actions
were not malicious.

François ‘Hacker Croll’ Cousteix told French media that he was trying to
highlight vulnerabilities in the micro-blogging service when he allegedly stole
more than 300 pages of corporate information.

“I wanted to warn them, to show up the faults in the system,” he was quoted
as saying.

Cousteix, who is currently unemployed, has been charged by local authorities
with breaking into a data system. If convicted, he could face up to two years in
jail and a €30,000 (£27,000) fine.

Authorities believe that, while posing online as ‘Hacker Croll’, Cousteix was
able to penetrate systems at Twitter headquarters in spring 2009, and access
hundreds of confidential corporate documents and administration tools.

Twitter has maintained that no user credentials were breached, and that the
attack had no impact on the micro-blogging service.

However, many of the stolen documents were
released
to the press last summer, including information on Twitter’s security
systems, notes from confidential meetings and some of the company’s future
plans.

Dan Worth, V3.co.uk, Thursday 25 March 2010 at 12:13:00

Web registrar GoDaddy has said that it will stop registering domain names in
China in protest at the growing amount of information required by the Chinese
authorities.

Christine Jones, corporate secretary at GoDaddy, said at a congressional
commission on China that the firm is concerned by changes being made to the
information required from Chinese citizens when they sign up for a domain.

“A new policy effective 14 December required any registrants of .cn domain
names to provide a colour headshot photo identification, business identification
(including a Chinese business registration number) and signed registration
forms,” she said.

Jones explained that the Chinese authorities then asked GoDaddy to
retrospectively gather this information on pre-existing owners of domains, and
threatened those that did not comply with disconnection of their domains.

“For these reasons, we have decided to discontinue offering new .cn domain
names at this time,” she said.

Jones went on to criticise the Chinese authorities’ approach to the
management of the internet.

“We believe that many of the current abuses of the internet originating in
China are due to a lack of enforcement against criminal activities by the
Chinese government,” she said.

“Our experience has been that China is focused on using the internet to
monitor and control the legitimate activities of its citizens, rather than
penalising those who commit internet-related crimes.”

Jones claimed that, as a result, GoDaddy has had to repel a large number of
attacks on the systems that host its customer web sites, including distributed
denial-of-service attacks.

“We also combat many attacks that are more systematic, such as hackers
attempting to insert malicious code into the pages of our customers’ hosted web
sites,” she said.

Jones confirmed that existing .cn domains would not be affected by this
announcement, but urged the US government to pressure China to change its stance
on internet regulations.

“We hope that the US government can use its influence with the authorities in
China to increase Chinese enforcement activities relating to internet abuse,
while encouraging the free exchange of ideas, information and trade,” she said.

The move follows
confirmation
from Google that it will move its Chinese search operation to Hong Kong, and
speculation that Dell is considering
closing
its operations in China and relocating them to India.

Russia
recently
announced that it will tighten up its domain name registration policies to
take on DNS scammers and cyber criminals operating in the region.

Iain Thomson in San Francisco, V3.co.uk, Saturday 20 March 2010 at 09:05:00

The
ongoing
case against hackers using stolen share trading accounts to manipulate
stocks is seeing good co-operation between Russian businesses and the Securities
and Exchange Commission (SEC).

The case against Russian firm Broco now looks to be developing into a search
for a client who used the company’s share dealing system to illegally manipulate
stock prices on the New York Stock Exchange.

“The equivocal account belongs to our client,” said Dmitry Zelenko, head of
Broco’s legal department.

“This client has been conducting his trading on his own and Broco has just
provided him with technical facilities and brokerage services in co-operation
with licensed Genesis Securities. This account was identified as belonging to
Broco by a mistake.”

The company is now working with the SEC to find the perpetrators and hunt
them down.

“Our further steps are to initiate criminal proceedings of swindlers within
Russian Federation, to recover damages from the swindlers and to protect the
company’s reputation in the court of New York,” said Valery Maltsev, president
of Broco.

The SEC told V3.co.uk that it is happy that Broco is working to sort
out the problem, while not wishing to comment on current legal action.

“Broco has been fully co-operative and we both look forward to a speedy
resolution,” said Justin Chretien assistant chief litigation counsel for the
SEC. “We’re happy to have such co-operation.”

Iain Thomson in San Francisco, V3.co.uk, Thursday 18 March 2010 at 23:39:00

The Russian at the centre of
allegations
by the Securities and Exchange Commission (SEC) of stock price manipulation
using hacked trading accounts has denied the claims.

Valery Maltsev, president of BroCo, said that he was not behind the plan to
manipulate stock prices by using stolen stock trading accounts. The company says
it has investigated the claims and has identified the perpetrator, who is a
client.

“I underline that neither me no BroCo are associated with trading on this
specific account,” Maltsev wrote in a letter to V3.co.uk.

“The account suspected in price manipulation in market belongs to a client of
the company. The client performed his own trading and traded at his own
responsibility. Thus BroCo is not associated with trading on above-mentioned
account,” he wrote.

The SEC is claiming the price manipulation netted Maltsev $255,532 and cost
the US investors whose accounts had been hacked $603,000. However, Maltsev
disputes both these figures and the SEC’s account of what occurred.

He said he had no idea where those figures were arrived at, nor why the
owners of the accounts didn’t notice such large transfers taking place. He also
questions why the police have not been informed and why the SEC is undertaking a
civil trial not a criminal one.

“Accounts were intruded, a hacker robbed it, he has been robbing for six
months – and no one gave a ring to the police? No one saw anything, hear
anything. No one understood what was going on,” he continued.

“And Scottrade investors didn’t even see that the money was going out of
their accounts, they were not noticing that for six months! I can’t understand
that. And if SEC will not conduct an investigation on this case, Broco will.”

The company will be attempting to get its accounts unfrozen, he said, and
will fight to clear its name.

The SEC was unavailable for comment.

Dan Worth, V3.co.uk, Thursday 18 March 2010 at 13:07:00

Fraud detection firm Ethoca today announced the launch of new free service
designed to help retailers avoid chargeback and card-not-present (CNP) fraud.

The new free service is based on Ethoca’s 360 Signals technology, which works
by checking online transactions in real-time against the Global Fraud Alliance
(GFA) repository. This database comprises over 500m historical transactions
compiled by Alliance members.

Ethoca360 Signals then identifies any matches or patterns its finds through
colour-coded “Warning Signals”. Those that indicate fraud risk are flagged up as
“negative signals”, while good transaction histories create “positive signals”.

The new service launched today makes the “negative signals” part of the
technology available for free, helping firms identify any previous history of
chargebacks, fraud and data inconsistencies linked to a current order.

The company said it decided to make it freely available to all online
merchants in an effort to broaden industry collaboration and stem online fraud
losses.

Ethoca chief executive and co-founder Andre Edelbrock said that the new
service would help growing numbers of online merchants to spot high-risk
transactions by cross-referencing details with the GFA database.

“By collaborating on a global scale, online merchants have the ability to
make fraud a problem of the past, and by making our Negative Signals service
available for free, we are one step closer to making that happen,” he said.

The issue is a growing one for the e-commerce space with VeriSign
reporting
yesterday that 11 per cent of the UK’s online population fell victim to
fraud last year, with individuals losing on average £352 each.

Iain Thomson in San Francisco, V3.co.uk, Tuesday 16 March 2010 at 23:31:00

The US Securities and Exchange Commission (SEC) has accused a Russian man of
illegally manipulating share prices by hijacking people’s online trading
accounts.

Valery Maltsev, who runs a firm called BroCo, is accused of stealing the
login details for online share trading accounts and then using them to place
orders for stock in which he had already taken a position.

Between August 2009 and December 2009 orders were placed at either a higher
or lower price than was publicly quoted, enabling Maltsev to make a profit in
two different ways, according to the SEC’s
court
filing.

“These transactions have created the appearance of legitimate trading
activity and have artificially affected the prices of at least 38 issuers,” the
Securities and Exchange Commission said in court filing.

“Immediately or shortly thereafter, the defendants capitalised on the
artificially inflated share prices of the targeted securities by selling the
shares previously acquired in their account.”

The Commission added: “In other instances, the defendants profited by
covering short positions previously established in their account while placing
unauthorised sell orders through the compromised accounts at substantially lower
prices.”

The filing gives details of one such case where the price of stock in
Pennsylvania-based financial services company AmeriServe Financial was
manipulated using the hacked accounts on 21 December 2009.

On that day share dealing in the company rose twenty-fold as the accounts
were ordered to buy stock, which was sold to them by BroCo.

“Broco grossed $141,500 (£92,900) in approximately 15 minutes, realising a
net profit of $17,760,” the SEC said. The hacked accounts lost $20,355 in the
transactions.

The scheme is estimated to have netted Maltsev $255,532 and cost the people
whose accounts had been hacked $603,000. Some people suffered increased losses
because Maltsev liquidated their existing holding to buy his shares, the
complaint alleges.

A judge has now frozen the assets of BroCo and has stopped the money from
being withdrawn.

Shaun Nichols in San Francisco, V3.co.uk, Tuesday 16 March 2010 at 01:52:00

McAfee has launched a new service aimed at easing fears over enterprise cloud
computing services.

The new Cloud Secure platform will offer vendors a combined security and
certification service based on its Smart Protection Network. The service will
combine the Smart Protection Network with certification standards, auditing and
daily security scans.

Marc Olesen, senior vice president and general manager of
software-as-a-service at McAfee, told V3.co.uk: “It is really about
driving a greater deal of confidence.

“Most cloud providers today are doing annual security audits. We feel like
that is a great start, but it’s not enough.”

The company said that the service was just as much about providing peace of
mind for customers as providing protection for cloud security vendors.

Security concerns have
become
a major worry for cloud computing services because many enterprise users
have become wary about the risk of data theft and breaches from hosted
services.

McAfee is hoping to allay those worries by providing a security platform and
certification, which can be displayed to customers. Additionally, the company is
working with the Cloud Security Alliance to obtain a Secure Trust mark.

“It is about giving customers of cloud providers confidence,” said Olesen.

“When customers see that a cloud provider is secured at a level that the CSA
supports, they know what they’re getting.”

Phil Muncaster, V3.co.uk, Wednesday 10 March 2010 at 10:21:00

Online banking losses and phishing attacks both recorded double-digit growth
last year as UK customers continued to fall victim to online scams, according to
figures released today by The UK Cards Association and Financial Fraud Action
UK.

The two organisations reported a year-on-year increase in online banking
losses to £59.7m in 2009, while phishing attacks rose by 16 per cent to reach
over 51,000 during the period.

The increases are down to criminals using more sophisticated ways of
targeting online banking customers, infecting PCs with malware rather than
trying to attack back-end banking systems.

Stephen Ley, a partner in the payment team at consultancy firm Deloitte,
argued that increased online banking fraud should be seen in the context of a
rapid increase in the use of the systems.

“In the next year, clear customer information from banks will remain key to
reducing fraud further. A better educated consumer is less likely to fall foul
of phishing attacks,” he said.

“Customers need to protect themselves on their computer, remaining vigilant
and using good security software.”

There was some good news for the e-commerce and banking industries. Phone,
internet and mail order fraud, taken together as card-not-present fraud, dropped
19 per cent from £328.4m to £266.4m.

The figure represents the first drop over a 12-month period, and could be
down to the increasing use of sophisticated fraud screening detection tools by
retailers and banks, as well as continuing growth in the use of MasterCard
SecureCode and Verified by Visa authentication systems.

Shaun Nichols in San Francisco, V3.co.uk, Tuesday 9 March 2010 at 02:21:00

The interest in prime time TV has become a favourite lure as of late, say
experts.

Researchers are reporting that Sunday’s Academy Awards and the upcoming
premieres of new television shows are being targeted in search engine
optimisation (SEO) attacks.

Security firm Sophos reported on Sunday that malware writers had loaded up
their web pages with keywords relating to the awards in order to achieve higher
placement in search results.

Upon visiting what they believed to be news sites about the awards, users
were then subjected to a fake anti-virus scam which attempts to trick users into
purchasing phony security software.

The Oscars were not the only bit of television programming being used to
foist malware on users. Researchers with Sans reported that a similar fake
antivirus scam was targeting searches for “Billy The Exterminator.” The reality
show follows a popular pest control expert and is set to premiere in the US
tonight.

The targeting of current events and news items for malware infection has
become a favourite technique for web-based malware attacks. Malware writers have
long sought to lure in victims by capitalizing on interest in natural disasters,
news events and cultural phenomena.

In recent years search engine optimisation has also
become
a favourite tactic as malware writers have sought to tailor their attack
pages to current search trends.

David Neal, V3.co.uk, Monday 8 March 2010 at 13:02:00

The majority of people think that internet access is a ‘fundamental right’
for everyone, according to a new report conducted for the BBC World Service.

The survey of 27,000 people showed that four out of five adults across the
globe think that they deserve access to the internet.

Around 87 per cent of those with internet access said that the web should be
‘the fundamental right of all people’. The number was slightly lower for those
without internet access at 71 per cent.

The belief was even greater in certain geographical areas. Some 96 per cent
of people in South Korea believe that web access is a right, and 94 per cent in
Mexico.


Around 78 per cent of respondents said that the internet gives them greater
freedom, 90 per cent said that it is an important educational tool, and 51 per
cent cited the need to access social networking sites like Facebook and MySpace.

However, almost half of web users are concerned about privacy issues, and 65
per cent are worried about expressing their opinions online. This was most often
seen in South Korea (70 per cent), France (69 per cent), Germany (72 per cent)
and China (55 per cent).

Online fraud is also an issue for many people, according to the survey, and
just under a third said that this is what worried them most.

The survey was carried out by GlobeScan to support a new range of programming
on the BBC World Service.

“Despite worries about privacy and fraud, people around the world see access
to the internet as their fundamental right. They think the web is a force for
good, and most do not want governments to regulate it,” said GlobeScan chairman
Doug Miller.

V3.co.uk, Thursday 4 March 2010 at 02:40:00

Graham Cluley of Sophos discusses some of the trends and emerging threats the
company is seeing in 2010.

Shaun Nichols in San Francisco, V3.co.uk, Wednesday 3 March 2010 at 20:27:00

Anti-spam vendors got something to cheer about Wednesday with the release of
the latest Virus Bulletin (VB) spam test.

The security publisher said that all 16 of the products tested were able to
pass and earn the VB certification.

The test pitted the spam filters against a package of more than 250,000
emails both legitimate and spam. Vendors were graded on both the ability to
block spam messages and “false positive” situations where legitimate e-mails are
marked as spam.

Testers found that even when the false positive rate was tripled and
subtracted from the blocked rate, each of the products had a better than 96 per
cent ranking. Among the best performers were Symantec’s Brightmail, Microsoft
Forefront, M86 MailMarshall and Sophos Email Appliance.

VB test director Martijn Grooten cautioned that while each of the tested
products passed the certification, users should still be weary when purchasing
their security and anti-spam applications.

“This doesn’t mean that no bad products exist. After all, we only test
products that developers have chosen to submit to us,” he noted.

“But it does go to show that there is plenty of choice available to
customers, as well as a healthy amount of competition for product developers.”

Phil Muncaster, V3.co.uk, Saturday 27 February 2010 at 15:53:00

One of the criminal masterminds behind the infamous DarkMaket site built to
allow cyber criminals to collaborate on online scams, has been sentenced to
nearly five years in jail, according to widespread reports.

Renukanth Subramaniam, 33, was sentenced at Blackfriars Crown Court to 46
months for conspiracy to defraud and 10 months for five counts of mortgage
fraud.

John McHugh, 66, of Doncaster, South Yorkshire, was jailed for two years for
conspiracy to defraud after being caught using the site under the alias
‘devilman’.

According to an Associated Press report, Judge John Hillen said: “Criminals
should learn from this case that, even in cyber space, there is no hiding place.
“

The case was brought after an international investigation involving the UK’s
Serious Organised Crime Agency (Soca) and the FBI during which undercover
officers infiltrated the site which has since been dubbed a ‘Facebook for
fraudsters’.

Soca alleged that Subramaniam set up DarkMaket in November 2005, offering an
“invitation-only service” for criminals to buy and sell stolen credit card
details and “anything else they needed to commit financial crime”.

The site was shut down in 2008, having enabled deals which led to scams worth
tens of millions of pounds and generating over 60 arrests, said Soca.

“The key to investigations of this sort is finding the evidence to connect
the online persona with a living breathing person,” said Sharon Lemon, deputy
director of Soca, at the time Subramaniam pleaded guilty.

“Subramaniam went to great trouble to hide his activity. He seems to have
thought that carrying data around on memory sticks and using internet cafés
would somehow protect him from scrutiny. He was wrong.”

Phil Muncaster, V3.co.uk, Friday 26 February 2010 at 14:57:00

Web security firm Network Intercept today announced the UK launch of its
Secure-Me
online security and privacy solutions, promising faster browsing and increased
protection from identity theft.

Secure-Me, which is being sold in the UK through its namesake reseller, fires
up a secure web browser which encrypts all traffic travelling to and from a
user’s device.

The software also features malware scanning and file encryption capabilities
and virtual keyboard and keystroke interference software to thwart hardware and
software key-loggers, according to Network Intercept chief marketing officer
Jennifer Borun.

“Banks are talking about buying the chips or the application and passing them
on free to their customers,” she said.

“The challenge is that the liability [for fraud] is on the shoulders of the
bank or business, but responsibility is in the hands of the user, so this is
another way to help the banks and other companies get a hold on security.”

The solution can be bought on a USB device for PC and Mac which works on
Windows XP, Vista, Windows 7 and Mac OS X, or downloaded for Android, iPhone,
Symbian and Windows Mobile platforms and PC desktops.

“Secure-Me offers protection for users no matter where they are – on the
desktop, mobile phone or in an internet café,” said Borun.

All updates are pushed down to the application from the cloud, while zero-day
threat protection is enhanced by functionality which sends any risky looking
files to the cloud where they are executed remotely in a quarantined
environment.

A spin-off benefit of the proprietary data compression technology used in the
product means that browsing speeds can be improved by as much as three times,
according to Network Intercept.

Phil Muncaster, V3.co.uk, Tuesday 23 February 2010 at 17:16:00

Web authentication firm VeriSign today launched a new service designed to
offer e-commerce firms that do not need SSL certificates a new way to secure and
build greater consumer trust in their sites.

VeriSign
Trust Seal has been created specifically for companies, usually at the
smaller end of the e-commerce market, that do not require the vendor’s SSL
service and trust mark because they outsource transactions to a third party.

Organisations that buy the service will be able to display VeriSign’s
familiar checkmark logo alongside the words ‘VeriSign Trusted’, and will
therefore attract customers by showing that they are not a scam or phishing
site, the firm said.

“Reputation is vital to the success of the growing number of small to medium
sized businesses [SMBs] competing in the online marketplace, and trust is a key
component for protecting brand reputation and increasing consumer confidence,”
said Ray Boggs, vice president of SMB research at analyst firm IDC.

“VeriSign’s brand recognition will extend to the new VeriSign Trust Seal to
help SMBs communicate trust and safety to customers and prospects.”

The service also includes a new site scanning service, offered by a
third-party provider, which will let administrators keep sites free from malware
and the ‘drive-by download’ attacks such malware can enable.

VeriSign claimed that the service could also keep sites from being
blacklisted by browsers, search engines and anti-virus software.

Firms could also benefit in the future from tie-ins with third-party search
engines, according to VeriSign. The engines will recognise and display the Trust
Mark alongside the relevant entry, allowing the e-commerce sites which have
signed up to differentiate and display their security credentials.