I may have used this headline before but unfortunately I seem to be all too frequently reporting on lucrative scams.
This week’s scary story is from Panda Security (ahhh…I love pandas - even though they are deceptively aggressive) who say that 30 million Windows PCs have been infected with a fake antivirus program which tempts prey in to handing over money to fix non-existent security issues. (Link)
The company have tracked 7000 variants of this type of malware in the last year. Dominic Hoskins, who is ‘country manager’ of Panda Security UK elaborated:
“The information we have at present suggests that some 3 per cent of these users have provided their personal details in the process of buying a product that claims to disinfect their computers. In fact, they never even receive the product. Extrapolating from an average European price of €49.95, we can calculate that the creators of these programs are receiving more than €10 million per month".
What a horrible extrapolation. But Graham Cluley from Sophos disagrees:
"They've then taken Forrester's estimate of how many computers there will be by the end of 2008 and extrapolated that there must - therefore - be 30 million computers infected by fake anti-virus. That's quite a jump, and I think a flawed one."
Because this particular scam attempts to scare inexperienced users in to handing over money to secure and save their PC, such malware has been labelled scareware. Cute. I wish I could come up with something catchy like that.
CAPTCHAs caught again
Mind you, I’m not sure about this one. CAPTCHAs are probably something we’re all familiar with – a graphic of jumbled letters and numbers that you have to interpret when trying to enter information on some websites. Their purpose is to ensure that you are a legitimate human user and not some computerised bot trying to scam people.
CAPTCHA stands for “Completely Automated Public Turing test to tell Computers and Humans Apart”. Like the new Scooter and Status Quo single, it’s hard to tell if this is the best or worst thing ever.
But that’s beside the point. The story here is that the latest CAPTCHA technology has been busted by scammers leading to an upsurge in spam coming from webmail accounts.
(Link)
The Register reports that both men and machines are being employed to break the CAPTCHAs with workers in India being paid $4 an hour.
Defeating scammers is a continuously moving target.
The Storm has passed
Well, check this out! Security experts say that the infamous Storm botnet is no more! At the height of its powers Storm was said to be responsible for 20% of the world’s junk emails with recently revised studies suggesting that the number of compromised computers was between 500,000 and 1m. (Link)
Phil Hay at security company Marshal says:
"It became the most successful botnet of its type and established the basic template for developing a spam empire that other botnets have since copied. Whoever was behind Storm really set the benchmark at the time for the kind of scale that was achievable with a spambot.”
They say that the best referees in sport are the ones you don’t notice. Well in the world of botnets, the best ones are also the ones not noticed. The high profile of Storm led to its undoing with steps taken by Microsoft eventually whittling down market share to 2% until its seeming undoing this month.
But the bot may not be gone yet. Some security watchers are suggesting that even though it is currently inactive, it may return more potent than ever. And you have no idea how much I really want to use an eye of the storm joke.
Oh.
How to vote Democrat in South Carolina
I’ll be keeping an eye on any email scams relating to the upcoming US Election (on my birthday, incidentally – please don’t be shy; you won’t offend me with cheques).
I quote the following from this islandpacket.com blog.
“URGENT WARNING ABOUT REPUBLICAN TRICKS!
Some really bad people are sending emails that say not to vote a straight Democratic ticket in SC. Some say that your vote won’t count for Obama if you vote a straight Democratic ticket, or that pushing the Democratic button will cancel your vote. Some of them even PRETEND to come from the Democratic Party.
THOSE EMAILS ARE NOT TRUE!!”
Ok, got that? If someone sends you an email and says that voting for the Democrats will not actually register a vote for the Democrats then you should be kind of suspicious. I’m sorry but the only demographic who would be fooled by this is the older, less computer-savvy one. And if they are older then they’ve probably voted in about 15 elections. I think they’ll work it out.
