Welcome to our February "Cybercrime Trend Newsletter." This month we as the questions: "Are you a spammer?" "Is your computer compromised and sending out spam without your knowledge?"
This month's newsletter is designed to educate you on spam. You'll learn the latest information including where spam comes from, how it works and what you can do to prevent becoming a victim.
All Internet security companies agree every bit of spam comes from compromised computers. These computers are a part of a botnet. The computer has been attacked, infected and is now a part of the botnet hackers use to send out spam. These compromised computers can, also, be used to steal personal information, for distributed denial of service attacks and more.
If you think spam attacks were bad in 2009, just wait until 2010 gets going
Will 2010 be the Year of Spam?
In its 2009 Annual Security Report, the networking gurus at Cisco predict that worldwide spam volumes will increase by 30 or 40 percent over 2009 levels. So get ready for a fresh glop of discounted penile-enhancement pills, strange women "winking" at you through nonexistent dating sites, and faux Nigerian princes promising $100 million waiting for you overseas. The hardest hit by this gush of obnoxiousness will be social networking sites, especially the king of them all: Facebook
Practically every day, the messages find their way into the in-box, typically at least one or two per day -- obvious spam scams.
- 70% of respondents consider spam "extremely significant" or "significant" for their security operations.
- Over 25% of respondents said spam accounted for less than 10% of helpdesk calls.
- ESPs consider spam prevention as a "competitive advantage" to attract and retain customers. However, spam is not a 'critical factor".
Here's the deal: Spam scams, which are pretty obvious, will often make their way into your in-box even though you have a filter system set up. Until someone invents the perfect spam filter, this is the unfortunate reality. The best solution? Hit the delete button.
Most e-mail programs also have a "Junk Mail" button, but unfortunately, there's always a new one coming in.
You can often tell a spam scam by the e-mail subject line, which is oftentimes blank, labeled important, announces that you have won the lottery or is written in Russian or another language you don't recognize.
Rosemarie Grabowski
Computer Security Specialist
Monday, February 8, 2010
Friday, January 8, 2010
Your Computer May Be Nothing More Than A Virus “Factory”
Let's face it…we all love the internet! To be on line we must have adequate protection for our computers. Things aren't like they used to be. By the time you're done reading this, viruses will have invaded 22,378 computers. This happens every 90 seconds.
Look, I’m not trying to scare you. My mission is to inform and educate you of how extreme the situation is. You desperately need to read every word on this page and then request my FREE REPORT that will share with you my step-by-step “play book” to put an end to these nasty intruders once and for all.
Wait a second…over 22,000 computers every 90 seconds?!?!?!
With these types of numbers you have to be protected. Not just any protection will do. That's why I'm writing you today.
Grab your free report....and much more....
http://www.computerprotectionsecrets.com/
No fine print. No gimmicks. Get piece of mind right now. . . .
Rosemarie Grabowski
Look, I’m not trying to scare you. My mission is to inform and educate you of how extreme the situation is. You desperately need to read every word on this page and then request my FREE REPORT that will share with you my step-by-step “play book” to put an end to these nasty intruders once and for all.
Wait a second…over 22,000 computers every 90 seconds?!?!?!
With these types of numbers you have to be protected. Not just any protection will do. That's why I'm writing you today.
Grab your free report....and much more....
http://www.computerprotectionsecrets.com/
No fine print. No gimmicks. Get piece of mind right now. . . .
Rosemarie Grabowski
Tuesday, November 10, 2009
PCI Council Releases Recommendations For Preventing Card-Skimming Attacks
New best practices are aimed at helping retailers -- especially small merchants -- but security experts say skimming risk runs deeper.
Aug 25, 2009
03:51 PM - By Kelly Jackson Higgins, DarkReading
The PCI Security Standards Council (PCI SSC) today unveiled best practices for retailers to defend themselves against the growing number of credit- and debit-card skimming scams.
Skimming credit- and debit-card data is becoming a popular way for cybercriminals to steal credit and debit card account numbers and execute financial fraud against grocery stores, gas stations, convenience stores, and other retailers and their customers, who are increasingly falling victim to hijacked card readers and ATM machines. Skimming occurs either by a malicious insider at the retail point-of-sale capturing the customer's card data, or more commonly by someone physically rigging a reader with a sniffer-type device to capture the data, which is then transmitted to the bad guys remotely.
"Skimming is becoming a widespread problem. These are guidelines for what retailers should be looking at" with their reader devices, says Bob Russo, general manager of the PCI SSC. "We discuss different techniques for protecting those point-of-sale devices."
But security experts say the council's skimmer protection guidelines are more a symptom of the already-broken system of credit and debit cards. "The concept of a 'credit card' as it exists today is the problem: If credit cards were cryptographic devices rather than just numbers, then none of these threats would be a problem," says Chris Paget, a security researcher. "The technology exists to implement this today and to completely eliminate credit card fraud, but it seems there's too much money being made from fraud for the card issuers to care."
Paget says the PCI guidelines are missing two key elements of this type of fraud: a malicious merchant stealing the data, and equipment tampered with at the factory. "If the person you give your card to at a restaurant has their own card skimmer, you're just as vulnerable," he says.
Legitimate card-reader equipment is also being compromised at the factory, so when merchants receive their new terminal, it could arrive rigged. "[The guidelines] do not address the case of legitimately purchased equipment that was tampered with at the factory, nor the case of a software-only addition to an ATM or card reader," says Paget, who himself fell victim to an ATM scam in Las Vegas during the Defcon17 conference.
Rob Enderle, principal analyst with The Enderle Group, says the PCI's guidelines illuminate how existing scanner technology can't protect consumers' data. "This document strongly showcases that the technology currently being used by merchants is inadequate for the task of protecting customer or the merchant. There are simply too many ways this can be relatively easily compromised," Enderle says.
Scanners should at least contain intrusion protection technology that disables the hardware if it gets opened, as well as a trusted platform module to encrypt the data and data stream, and a way to sound an alarm if a security event occurs on the devices, he says.
"This coupled with the requirement that the customer, not the service provider, scan the card to protect against illicit portable scanners," he says.
The PCI Council's "Skimming Prevention: Best Practices for Merchants" guidelines, meanwhile, include a risk assessment questionnaire and self-evaluation forms to help retailers gauge their susceptibility to these types of attacks and to determine where they need to shore up their defenses. The guidelines cover how to educate and protect employees who handle the PoS devices from being targeted, as well as ways to prevent and deter compromise of those devices. They also detail how to identify a rigged reader and what to do about it, and how physical location of the devices and stores can raise risk.
The guidelines are geared to be used in conjunction with the PCI's PIN Entry Device Security Requirements, which specifies how to secure PIN devices.
PCI's Russo says the guidelines are for all sizes of retailers, but are especially geared for helping mom-and-pop retailers: "A small merchant that makes pizza isn't going to know much when someone with a terminal shows up with a business card and says he's there to put in a replacement, but is doing something [malicious] with it and leaving it there," PCI's Russo says.
Among some of the information in the guidelines is how to look for signs of physical tampering and how to monitor the device for that. "Write down the serial number on your terminal and look at what the terminal looks like. Does it have seals on it? A label on the back? What color wires go to it?" he says. "Once a quarter, take a look at it and make sure it's intact."
"Most of this stuff is common sense, and that's where most of the fail happens," adds Michael Rothman, senior vice president of strategy at eIQnetworks. "But in reality, skimming defense is really more about process and education. People on the front lines need to know what to look for -- and that is a huge challenge. But it always has [been]."
But skimming is typically more about adding a layer to the existing device that can't be detected, he says, so the guidelines may not be effective in those cases.
Meanwhile, Paget says credit card companies need to wake up. "Credit cards as they exist today are the financial equivalent of a Telnet login session over the Internet. It's about time the dominant payment infrastructure upgraded to SSL [Secure Sockets Layer] and got rid of all of these attacks -- and more -- at once," he says.
http://www.myinvisusdirect.com/Rgrabowski
http://www.darkreading.com/vulnerability_management/security/government/showArticle.jhtml?
articleID=219401468&cid=RSSfeed
Friday, November 6, 2009
What is Computer Forensics?
Since you may be considering becoming a computer forensic professional, the first question you want clarified is “what is computer forensics”. It is important to fully understand the computer forensics definition in order to determine if you would enjoy the field and be successful in it.
Computer forensics, also known as ‘digital forensics,’ is a term used to describe a new field that involves the intersection of digital evidence and the law. Computer forensics is the process of identifying, preserving, and analyzing data and technical items for evidence that will be used in court.
Forensic examiners typically analyze data from personal computers, laptops, personal digital assistants, cell phones, servers, tapes, and any other type of media. This process can involve anything from breaking encryption, to executing search warrants with a law enforcement team, to recovering and analyzing files from hard drives that will be critical evidence in the most serious civil and criminal cases.
The forensic examination of computers, and data storage media, is a complicated and highly specialized process. The results of forensic examinations are compiled and included in reports. In many cases, examiners testify to their findings, where their skills and abilities are put to ultimate scrutiny.
Computer Forensics
In today’s world, career-bound individuals are looking for a field that offers job stability as well as a sense of fulfillment. Every day newspapers are filled with stories of company downsizing, layoffs and declining economic trends. While we feel bad for the people it affects, most of us are also thinking “I hope that never happens to me."
While many fields seem to be downsizing and outsourcing, there is one relatively new field – an exciting field that combines the law, technology, and a little “CSI," that continues to grow at a rapid pace. This field is called ‘computer forensics’; the practice of identifying, preserving, and analyzing digital evidence for use in court.
Why is the field of computer forensics growing at a rapid pace?
Computers are Everywhere
There are several reasons for this field’s growth; the most significant being that computers are everywhere. You’d be hard pressed to find a household today without at least one computer. And it is not just computers that computer forensic examiners get involved with. Computer forensic examiners analyze all types of technical devices. Look around you while you walk down the street – people are on their cell phones, using iPods, PDAs, and text messaging. Computer forensic examiners analyze all of these electronic devices!
Most Disputes are Between People Who Know Each Other and Communicate Using Technology
Another reason for the significant growth in the computer forensic field is that most disputes, civil or criminal, are between people who know each other and interact using technology including email, cell phones and text messaging. That leads to a significant amount of potential evidence. Similarly, law enforcement officers are encountering technology at almost every turn and in every type of crime. That is an issue being dealt with on a local, state, and federal level right now.
The Internet is Ubiquitous in Nature
Another reason for the growth is the Internet’s ubiquitous nature. Internet users have vast amounts of information available to them in seconds. It is a tremendous resource, but with all good things there are negatives, and the increase in Internet use and availability has created an increase in criminal activity like hacking, cyber-terrorism, identity theft, theft of intellectual property, fraud, and child exploitation. Significantly, criminals think they are anonymous online and won’t be caught. This only increases the amount of criminal activity.
Large Companies Fear the Loss of Intellectual Property
An additional explanation for the expansion in the field is that large companies, particularly those that are publicly traded or store large amounts of private customer data, fear the large-scale loss of that intellectual property. These companies fear the ramifications from federal oversight/regulatory agencies like the Securities and Exchange Commission, Federal Trade Commission and Internal Revenue Service. The fines and potential criminal penalties imposed for violations of various statutes designed to protect individuals and consumers can be huge. The lawsuits can be worse. Thus, companies are going to extreme lengths to protect the integrity of their data, particularly intellectual property, and learn about how to prevent the destruction or theft of that information.
The Computer Forensic Field has Become a Lucrative Business
Finally, and perhaps most importantly, the computer forensic field has bloomed into a very lucrative business. Litigation costs for the production of e-discovery can be in the hundreds of thousands of dollars. Why, you may ask? What is known as the “CSI Effect," which is that juries and judges want to see tangible evidence before they make a decision about who is responsible in a legal dispute. With advances in technology, computer forensic examiners are often hired to use highly specialized techniques to retrieve and present that evidence in court. Oftentimes, this evidence is powerful when properly preserved and analyzed. Document examiners, lawyers, litigants, forensic examiners, and consultants are all capitalizing on this new business.
computer forensics states
http://www.computer-forensics-recruiter.com/home/growing_field.html
Friday, October 30, 2009
New Ways to Attack Our PC's
PC World 
Cyber criminals are finding new ways to steal information, including infecting legitimate Web sites with Trojans and creating rogue software packages that look legitimate but contain malware, cybersecurity experts warned.
Recent months have seen a rise in sophisticated attacks, also including so-called spear phishing, an e-mail scam targeted at a small group of people, a group of cybersecurity professionals said Tuesday at a TechAmerica cybersecurity forum in Washington, D.C. Spear phishing is a form of the common phishing scam, but instead of a fake e-mail that looks like it comes from a bank or e-commerce site, it instead looks like it comes from someone you know, such as an executive at your company.
Cyber criminals are now focusing on compromising trusted sources of information, by installing Trojans on legitimate Web sites or faking e-mail messages from people known to would-be victims, asking them for personal information, said Eric Cole, cybersecurity senior fellow at Lockheed Martin. In early 2007, two Web sites affiliated with the Miami Dolphins football team were compromised with malicious code, and earlier this year a site affiliated with rock star Paul McCartney contained malicious code.
There are tens of thousands of other legitimate Web sites infected with malware, said Uri Rivner, head of new technologies for consumer identity protection at RSA Security, a cybersecurity vendor. RSA is seeing a recent spike in compromises from the password-stealing Torpig or Sinowal Trojan, around since mid-2007, largely due to infected legitimate sites, he said.
The rule "used to be, 'don't go to the bad part of the Internet,'" Cole said. "'Don't go to those evil parts where bad things are happening.' I don't think most of us ... consider Paul McCartney a bad site."
Microsoft has seen a "tremendous rise" in rogue software being downloaded in the past year, said Vinny Gullotto, general manager of the Microsoft Malware Protection Center. In many cases, the rogue software is disguised as antivirus software and tricks people into downloading it by telling them they have viruses on their computers, he said.
Web users should only download cybersecurity software from a trusted source, he said.
Cyber criminals are also turning to the help-wanted ads and e-mails to recruit unsuspecting helpers to launder money, Rivner said. These work-at-home schemes offer people lucrative jobs if they supply a bank account to process payments for a company or charity, he said. In reality, the payment processors are serving as middlemen in money-laundering schemes, with the money coming from compromised bank accounts.
One job offer River received by e-mail said he could work three hours a day for US$3,000 a week. The lesson is, if it sounds too good to be true, it probably is, Rivner said.
"Lots of people in this bad economy are applying for these types of ads," he said. "A lot of people answer these ads on a daily basis."
Thursday, October 29, 2009
Looking For A Simple Easy Way To Work Or Play On Our Computer.
It is important that every individual, family and business have a computer repair service plan in place to protect themselves from these cyber terrorist.
A slow running computer or a computer that crashes frequently may be a sign of Malware (Trojans, viruses, worms, and other malicious code) on your computer. These hacker tools not only can be used to steal sensitive information from your computer they slow your computer down or even cause computer crashes. Unfortunately, traditional over-the-counter computer protection products don’t keep up with this growing problem. If they did would we continue to have these problems?
Over the last three years there’s been a huge shift from curious hackers to professional hackers creating devious methods to steal proprietary information from computers like yours. This evolving threat is costing individuals and businesses tens of billions of dollars every year. V. McNiven, an advisor to the U.S Department of treasury has stated, “The proceeds from cyber are now greater than the sale of illegal drugs.
These evil hackers continue to find more devious ways of stealing financial and proprietary information. It is important that every individual, family and business have a computer repair service plan in place to protect themselves from these cyber terrorist.
You might be surprised to learn that computers that don’t go online are vulnerable through file sharing from infected flash drives, cds and floppies. These devices, when infected, can install scrambling software or logic bomb software that opens up the possibility of extortion to get your proprietary information back
2007 PC Magazine survey of 42,000 PCs worldwide released last September showed the top speed killers. The problems included
Over 52 percent of the PCs surveyed were clogged up with spyware
· Over 60 percent of the PCs surveyed had un-optimized Internet settings slowing the Internet down and even signaling that spyware and other malware have secretly stolen portions of your bandwidth to run on your PC.
· Surveyed computers also contained an average of twelve serious registry problems per unit that may have been caused by spyware and other malware.
Incredible, many of these computers are supposedly protected by the over-the-counter products that aren’t doing what they promise to do. So how can individuals and small businesses protect against identity theft, fraud and extortion? How can they get their computers back to running like new again?
Here are six crucial steps to protecting your computer and making it fun and productive again:
1. Keep your computers patched. Microsoft has automatic patch updates. Make sure are signed up to receive them.
2. Use professional enterprise grade anti-virus and anti-spyware at the email and web gateways. Install a professional grade by-directional firewall to guard against backdoor threats.
3. Use sender-authentication technologies, such as Sender Policy Framework (SPF) to make phishing far more difficult since – In theory – phishers will only be able to send their spam from “unapproved” domains.
4. Develop and enforce a password policy. This will make passwords difficult to be guessed. Use a different password for each situation. Make sure these passwords are changed frequently. If you use one password for every web site, for example, and a phisher manages to steal it, all of your online activity is at risk. Sophos, an enterprise grade Internet Security Company, recently conducted a business poll and discovered 41 percent of the respondents were using the same password for all web sites.
5. Keep an eye on the advice from organizations promoting safe computing. Many of their web sites will list the latest threats, and give advice on how to protect your home and business against them.
6. Always report suspicious activity.
Just as important, find a computer repair service that offers “Personal Computer Services.” Your personal computer service should include online repair at no additional cost. The end result: hassle-free computing making being on the computer fun and productive again. With the right computer repair service, using computers at home and at work should be hassle-free allowing you to focus more on your home and business activities.
http://www.myinvisusdirect.com/Rgrabowski
A slow running computer or a computer that crashes frequently may be a sign of Malware (Trojans, viruses, worms, and other malicious code) on your computer. These hacker tools not only can be used to steal sensitive information from your computer they slow your computer down or even cause computer crashes. Unfortunately, traditional over-the-counter computer protection products don’t keep up with this growing problem. If they did would we continue to have these problems?
Over the last three years there’s been a huge shift from curious hackers to professional hackers creating devious methods to steal proprietary information from computers like yours. This evolving threat is costing individuals and businesses tens of billions of dollars every year. V. McNiven, an advisor to the U.S Department of treasury has stated, “The proceeds from cyber are now greater than the sale of illegal drugs.
These evil hackers continue to find more devious ways of stealing financial and proprietary information. It is important that every individual, family and business have a computer repair service plan in place to protect themselves from these cyber terrorist.
You might be surprised to learn that computers that don’t go online are vulnerable through file sharing from infected flash drives, cds and floppies. These devices, when infected, can install scrambling software or logic bomb software that opens up the possibility of extortion to get your proprietary information back
2007 PC Magazine survey of 42,000 PCs worldwide released last September showed the top speed killers. The problems included
Over 52 percent of the PCs surveyed were clogged up with spyware
· Over 60 percent of the PCs surveyed had un-optimized Internet settings slowing the Internet down and even signaling that spyware and other malware have secretly stolen portions of your bandwidth to run on your PC.
· Surveyed computers also contained an average of twelve serious registry problems per unit that may have been caused by spyware and other malware.
Incredible, many of these computers are supposedly protected by the over-the-counter products that aren’t doing what they promise to do. So how can individuals and small businesses protect against identity theft, fraud and extortion? How can they get their computers back to running like new again?
Here are six crucial steps to protecting your computer and making it fun and productive again:
1. Keep your computers patched. Microsoft has automatic patch updates. Make sure are signed up to receive them.
2. Use professional enterprise grade anti-virus and anti-spyware at the email and web gateways. Install a professional grade by-directional firewall to guard against backdoor threats.
3. Use sender-authentication technologies, such as Sender Policy Framework (SPF) to make phishing far more difficult since – In theory – phishers will only be able to send their spam from “unapproved” domains.
4. Develop and enforce a password policy. This will make passwords difficult to be guessed. Use a different password for each situation. Make sure these passwords are changed frequently. If you use one password for every web site, for example, and a phisher manages to steal it, all of your online activity is at risk. Sophos, an enterprise grade Internet Security Company, recently conducted a business poll and discovered 41 percent of the respondents were using the same password for all web sites.
5. Keep an eye on the advice from organizations promoting safe computing. Many of their web sites will list the latest threats, and give advice on how to protect your home and business against them.
6. Always report suspicious activity.
Just as important, find a computer repair service that offers “Personal Computer Services.” Your personal computer service should include online repair at no additional cost. The end result: hassle-free computing making being on the computer fun and productive again. With the right computer repair service, using computers at home and at work should be hassle-free allowing you to focus more on your home and business activities.
http://www.myinvisusdirect.com/Rgrabowski
Subscribe to:
Posts (Atom)
