Six bots deliver 85 percent of your spam
By Davey Winder in Editorial
Ever wondered where all your spam comes from? The Marshal TRACE team reckon they have found out, and the answer is pretty much a total of just six botnets. Indeed, Marshal reports that these six botnets account for the distribution of a staggering 85 percent of all spam at the moment.
The trouble is that the botnets doing most of the trade, and indeed the botnets involved at all, tend to change on a regular basis, which makes nuking them a lot harder than you might imagine. For example, just three weeks ago it was the Mega-D botnet that ruled the spamming scumbag roost with a 39 percent distribution share; this week it has ‘just’ 21 percent and the Srizbi botnet is king of the (crap) heap with that 39 percent figure. The fluctuation has a lot to do with the discovery of, and subsequent active protection against, the malware which provides these botnets with their zombie PCs. In the case of Mega-D, for example, as soon as researchers discovered that the 35,000-strong botnet was being fed by the Ozdok malware and traced its control servers, the spam distribution hit zero.
“This week, Mega-D returned again to represent 21 per cent of spam after a 10-day period of inactivity. Owing to the break, Mega-D only accounted for an average of 11% of spam during February.
Black Hat risk to migrating VMs
By Davey Winder in Editorial
Posted in Data Protection, Blog, Security, Uncategorized on
I like the Black Hat conferences, not least because they always manage to produce a balanced measure of truly mind-boggling security holes on the one hand and truly mind-boggling self-serving smoke and mirrors on the other. I am not 100 percent sure where stories such as the RFID credit card hack fit into the balance, but there is little doubting the relevance of demonstrations such as the one which showed exactly how a determined attacker is able to hack into VMware and Xen virtualisation software while the VM is in transit between physical machines.
The security researcher in question is actually a PhD candidate from the University of Michigan, one Jon Oberheide who, if you say that quickly enough, sounds like he belongs in the Star Wars movies somewhere along the line. But there is no air of science fiction about the proof-of-concept tool he demonstrated, which shows how easy it is to hack into and control the VM hypervisor, as well as its applications, while a virtual machine is being migrated, and to use this to purloin data from those live VMs.
Oberheide reckons that his tool, Xensploit, reveals the lack of understanding when it comes to the risk involved with migrating live virtual machines. The main problem is, of course, that taking down a live system is not an option, because that somewhat goes against the whole point of the dynamic availability of any VM deployment in the first place. But being aware of the risks means that measures can be taken to mitigate them, and in this case information is most definitely power.
Oberheide demonstrates that a man-in-the-middle attack is possible because the VM’s memory and state move in clear text during the migration, with Xensploit manipulating the SSHD authentication to provide the required administrative access. Route hijacking, ARP/DHCP spoofing and DNS poisoning can all play their part in such a compromise or, as Oberheide confides, even a simple passive password sniffing exercise.
And the solution? The usual, to be honest: assess risks accordingly and take security seriously. Mutual authentication between hypervisors during migration, together with an encrypted data plane and a network-isolated environment for the migrating VMs, should do the trick.
This laptop will self-destruct in ten seconds
By Davey Winder in Editorial
Posted in Data Protection, Blog, Security on
You might think, given some of the recent high profile losses of laptops and their data, that protecting commercially sensitive information is something of a mission impossible. Well, according to Virtuity, a British company from Sheffield, it has the answer in an intelligent security technology called Backstopp which uses WiFi, GSM and RFID to keep tabs on your hardware and the data it contains. The clever bit, of course, is that if your laptop moves out of the area where it is meant to be, your data can self-destruct.
Now I know what you are thinking: why bother when you can simply encrypt your data and prevent anyone from getting access to it that way if you are unlucky or stupid enough to misplace the lappy? To be honest, I was thinking that as well. But Virtuity insists that its product is not meant to replace encryption, but to complement it: go beyond it even. “Even if encryption tools are deployed” the company website declares, then you cannot be “absolutely sure that the user followed the encryption protocols or that the thief is not determined or capable enough of cracking the code.” True, you cannot be 100% certain, but if you have the proper security policies in place, backed up by the proper auditing and the appropriate strength of encryption, then you can be 99.9999999% sure I would imagine. Virtuity has the answer to that as well, putting forward the argument of “Do you encrypt everything? Have you encrypted your email? How about cookies which provide access to your hosted email or sales tools such as Gmail or Salesforce.com? Could the thief access your internal network via a VPN connection from your machine?” OK, I give up, maybe encryption alone is not the answer, maybe you do need a little more. Something like common sense and an appropriate amount of staff security training perhaps?
I am not against the concept of a self-destructing laptop, in fact I rather like it. Especially when it is all done using the latest technologies such as this. Backstopp can use any wireless communication, most notably WiFi and GSM networks, to locate the laptop and RFID tags can be used to monitor its movements when switched off for a double whammy dose of i-know-where-you-are-itis. It is flexible enough to allow for movement to be restricted to a particular office, floor or building, as well as widening the field. Anywhere that a GSM mobile phone signal can travel is within reach of the self-destruct button.
Essentially it works by either the owner reporting the lappy as missing, or the Backstopp control centre deciding it is at risk because it has moved out of the pre-determined safety zone, to kick-start the self-destruct signalling process. The data decommissioning, to be formal about things, does not rely upon the OS API but rather uses the tried and tested file overwrite patterns detailed in the US Department of Defense’s National Industrial Security Program Operating Manual (US DoD 5220.22-M). It blows it up in a big time fashion, in other words, and you ain’t getting that data back.
The James Bond nature of the beast is not yet done, though. The software will also kick-start any integrated webcam to record photographs at timed intervals, with a view to capturing an image of the thief for good measure, and this does not require the laptop to be recovered to be of use, as it uploads the images invisibly (to the thief) across the network.
The best bit comes with the price, at just
The browser mafia
By Davey Winder in Editorial
Posted in Blog, Security, IBM on
According to IBM, or rather the straight-out-of-a-gangster-movie-sounding IBM X-Force to be precise, your web browser is under siege from organised crime gangs. The 2007 X-Force Security report details something of an expected rise in the sophistication of attacks, and an increase in the rate at which victims’ computers are being compromised. There is, X-Force says, a ‘complex and sophisticated criminal economy’ which has developed to capitalise on known web vulnerabilities, and underground brokers are now delivering the necessary tools to enable those who would screw you over to do just that and avoid detection by way of obfuscation or camouflage.
The report says that in 2006 only a small percentage of attackers employed camouflaging techniques. Compare and contrast with the first half of 2007, when some 80 percent of attacks did just that, and the 100% that were doing it by the end of the year. Using such by now commonplace techniques, the criminal element can all too easily infiltrate a system and compromise the data upon it. Don’t laugh this off as being just a problem for the home user either: X-Force quite rightly reminds us that when attackers invade an enterprise machine they can steal sensitive company information or use that compromised machine to gain access to other corporate assets behind the firewall.
“Never before have such aggressive measures been sustained by Internet attackers towards infection, propagation and security evasion. While computer security professionals can claim some victories, attackers are adapting their approaches and continuing to have an impact on users’ experiences,” said Kris Lamb, operations manager, X-Force Research and Development for IBM Internet Security Systems. “The Storm Worm provides a microcosm of the kinds of threats users faced in 2007. All in all, the exploits used to spread Storm Worm are a blend of the various threats tracked by X-Force, including spam, phishing and drive-by-downloads by way of Web browser exploitation.”
The X-Force report also reveals that:
- The number of critical computer security vulnerabilities disclosed increased by 28 percent, a substantial upswing from years past.
- The overall number of vulnerabilities reported for the year went down for the first time in 10 years.
- Out of all the vulnerabilities disclosed last year, only 50 percent can be corrected through vendor patches.
- Nearly 90 percent of 2007 disclosed vulnerabilities are remotely exploitable.
The Federation tell ISPs to get house in order
By Davey Winder in Editorial
Posted in Data Protection, Blog, Internet, Uncategorized on
When Lord Triesman, the parliamentary Under Secretary for Innovation, Universities and Skills, says “if we can’t get voluntary arrangements we will legislate” as he did with regard to intellectual property theft when interviewed by the BBC a few months back, you have to wonder just what the powers that be have in mind. Calling for Internet Service Providers to take a “more activist role” when it comes to illegal file-sharing might sound OK at first, but dig a little deeper and you cannot help but wonder if this is just another step towards that big brother society we seem to be tumbling headlong into. After all, Triesman himself admits that by implementing a voluntary scheme to track illegal file-shares then it would be “quite possible to know where it is happening and who it is happening with”.
Don’t get me wrong, I am not in favour of an intellectual property free for all. P2P services that exploit copyright holders by distributing their material without making any royalty payments are, as far as I am concerned, fair game when it comes to legislation and law enforcement. I am less convinced that the right way to progress is to chase after the kids using these services, or more likely their parents who usually have little idea what Johnny is getting up to in his bedroom with that laptop anyway. And I am certainly less than impressed with the notion of allowing yet another method of citizen surveillance slip stealthily in through the back door.
Certainly the Internet Service Providers Association (ISPA) is equally unconvinced about the merits of shifting the blame to the ISP, arguing that acting as the conduit for illegal peer-to-peer traffic is not the same as generating it, participating in it or profiting from it. Indeed, according to the ISPA “ISPs are no more able to inspect and filter every single packet passing across their network than the Post Office is able to open every envelope. ISPs deal with many more packets of data each day than postal services and data protection legislation actually prevents ISPs from looking at the content of the packets sent.”
And there lies the rub when it comes to legislation. Non-technical types such as his Lordship, despite being advised no doubt by a committee of white-coat-and-pen-protector-clad numpties, are unable to see beyond the political knee-jerk reaction and the media headlines. The actual implementation of any such law, or indeed a ‘voluntary’ agreement, has to take into account the technical ability to make it work. Which is why I cannot help but feel that there is more behind this than the IP copyright issue. Surely the technical committee advising him must have told Triesman that it is all but impossible to identify illegally shared copyright material from the data stream across a multitude of likely scenarios. Surely that same committee must have advised him that it would be a pretty good method of creating a nice database of personal identifying material, though.
The Federation Against Software Theft (The Federation) has welcomed the news, however, insisting according to CEO John Lovelock that “The UK is rightly proud of the innovative skills of the hundreds of small companies that produce world class software solutions, but the livelihood of these firms is constantly being put at risk by Internet Service Providers freely allowing illegal distribution to take place. With the ecosystem of the British economy changing from its historic manufacturing base to more service and creative-led industries, these small companies are the lifeblood of the country. We have a duty to make sure that their intellectual property - the core of their business - is properly protected. For too long people have been flouting the law by making illegal copies of software available over the internet, at the same time they have been afforded anonymity by their internet service provider. This cannot be right, and cannot be acceptable. ISPs must get their own house in order. Hiding behind a defence that they are merely a conduit is simply not acceptable.”
Well, that’s OK then.
Paranoid secret squirrel threatens virtual citizen privacy
By Davey Winder in Editorial
Posted in Blog, Security, Internet, Uncategorized on
I guess it had to happen, given the current climate of fear amongst governments in the US and UK regarding the so-called terrorist threat. Don’t get me wrong, I take the whole national security debate as seriously as the next rational citizen and am aware that terrorists are capable of perpetrating the most abhorrent of acts. However, I am also aware that governments see the current climate as being an ideal launch pad from which to bring in draconian laws that can impact upon the privacy of every citizen, good or bad. The arguments are always the same: if you’ve done nothing wrong then you have nothing to fear. I am afraid, however, that I do feel very real fear when 5 million kids have been fingerprinted and are on a database which could be used in case they do something wrong in the future. I am afraid I do feel fear that my DNA can be routinely taken and stored on a national police database even if the original arrest is proven to be in error and I am released without charge, again just in case I do something wrong in the future. And I do fear that a report by US intelligence officials which suggests virtual worlds such as Second Life are a breeding ground for international terrorists is a warning of yet more erosion of privacy that is set to come our way in the near future.
A report by the US government Intelligence Advanced Research Projects Activity group says that the anonymity and easy global access of Second Life creates a seedbed for transnational threats. “The virtual world is the next great frontier and in some respects is still very much a Wild West environment. Unfortunately, what started out as a benign environment where people would congregate to share information or explore fantasy worlds is now offering the opportunity for religious/political extremists to recruit, rehearse, transfer money, and ultimately engage in information warfare or worse with impunity.”
Yeah right, just like the evil Internet, that accursed email and those PAYG mobile phones many people use. Which of course, governments the world over are already bugging and attempting to control.
Is it just me, or does anyone else have a genuine concern that the whole global terror threat is just a smokescreen under which the state can start to monitor everyone, all the time? The UK is already the most filmed nation on the planet, with more CCTV installations watching our every move in small towns and big cities alike. Mobile phones, email, the Internet and now Virtual Worlds are all technologies that, TPTB assume, will give them even greater power to monitor the millions of us who are doing nothing wrong so have nothing to fear.
Luckily, however, the citizen is able to fight back because technology also brings with it the ability to achieve anonymity, to encrypt conversations to the same standards as the intelligence agencies use and to maintain our privacy. No wonder they are running scared and running into the arms of the law to force a change.
For the time being at least, even if the law does change and even if the secret squirrel types insist on perpetuating the myth that we must be evil if we want to remain anonymous online, I doubt that anything can be done to effectively monitor activity within something like Second Life. If you saw that episode of CSI New York where a contract killer adopted an avatar personality to get close to the next target in real life, and was traced in an instant and to a specific apartment location by law enforcement officers, remember that this was pure fantasy. For the time being at least, the real world rational citizen can sleep easy in Second Life, I think.
The state of spam
By Davey Winder in Editorial
Posted in Blog, Spam, email, Internet on
Symantec has just published the latest State of Spam Report and it highlights a rather worrying trend: namely a shift in the origination of spam from North America to EMEA. Indeed, the percentage of spam originating in the EMEA region by volume has now surpassed that of North America which has traditionally been at the heart of spam distribution.
This has not just happened in January alone, which the report covers in detail, but has been noted for the last three months in total. In January, however, Symantec observes that around 44% of all spam email is coming from Europe compared to just 35% heading out of North America.
Mind you, Symantec also admits that the very nature of the spammer means that it is actually rather difficult to pinpoint the geographic origin of spam with 100% accuracy. Spammers do everything they can to obscure this fact; after all, they don’t want law enforcement or DNS block lists to track them down either.
One thing I can agree with Symantec on regarding the European spam issue is that it is most likely increased broadband usage that is driving the trend. Look at the figures and you discover that when it comes to the number of broadband users globally, Europe has much of the top ten list wrapped up. The last stats that I saw, which are six months old now, had 6 out of the top ten countries for broadband use located in Europe.
That said, when you consider the penetration of super-fast broadband, and we are talking 100Mb/sec speeds here, in Asian countries such as Korea, Japan and Singapore, it is somewhat surprising that Symantec reports only 15% of spam originating from that continent. So maybe the broadband thing is a bit of a red herring after all.
Google warns that Microsoft bid to buy Yahoo could damage Internet development
By Davey Winder in Editorial
Posted in Standards, Blog, Google, Internet, Microsoft on
I guess it was only a matter of time: before Microsoft made a real effort to buy Yahoo, and once it did, before Google started stamping its feet and shouting that it just isn’t fair. Considering that Google has something like 80% of the search market as far as the UK is concerned at least, compared with around 10% combined for Microsoft and Yahoo, it does rather stick in my craw when it starts complaining about ‘unacceptably dominant positioning’ to be honest. Yet that is exactly what Google is doing, warning anyone within earshot that if Microsoft buys Yahoo then it will create a dominating email and instant messaging monster which could jeopardise future development of the open standards Internet.
Of course, similar concerns have not come to the fore when Google itself has been on the acquisition trail to strengthen its position as a provider of online services. And of course, it is just the kind of puff and bluster to add fuel to the fire after the US justice department announced it would investigate (for antitrust reasons) any deal between the two online giants.
If you ask me it just confirms that Google is worried that Microhoo could become the first serious competition to its own position in the marketplace, the online advertising marketplace that is. Funnily enough, that is one area of unacceptably dominant positioning that Google has been suspiciously quiet about…
Top 10 emails you don’t want to read unless you are a greedy, selfish idiot
By Davey Winder in Editorial
Posted in Data Protection, Blog, Spam, Security, Internet on
McAfee Avert Labs has been compiling a list of the most prevalent email phishing scams as we get stuck into 2008, and as a result can reveal the top 10 emails you most certainly don’t want to be receiving. And so, in time honoured reverse order stylee, here are the email subjects to watch out for:
10. Data confirmation
9. Information
8. JP Morgan Chase - Critical Account Information
7. Your Online Activity Confirmation
6. All cards (except the temporary cards) from this account are suspended.
5. Banking
4. Eilige Information
3. Sparkasse informiert Sie
2. Please confirm your data
1. Amazon.com Inc. Security Center
Funnily enough, I cannot think of a single instance when I would have even bothered to read any of those emails. They would all have been victims of my itchy delete button finger I am glad to say.
Then again, nor would I have fallen for a complete stranger informing me that they have a terminal illness and asking for financial help. Maybe I am an uncaring heartless b’stard, or maybe I just have too much common sense. Some people are obviously too caring and have no sense whatsoever, as three men have pleaded guilty to running just such a scam in New York which netted them more than a million bucks!!! Of course, when you read the detail of the scams you realise that the real common factor that the victims suffered from was being greedy, because the terminally ill person supposedly wanted to distribute 55 million dollars to charity before they died and needed someone to help out, who would get a percentage naturally enough.
Am I truly alone in thinking that these greedy and gullible idiots deserve everything coming to them? Think of it as a kind of digital evolution, culling the stupid and selfish from the Internet gene pool.