Defending The Kingdom

If spam emails didn’t sometimes encourage people to click through and make a purchase, it wouldn’t exist as a business. The fact that we all get spam means that, despite the costs of doing so, somebody still finds it profitable to send out all of those emails. The truly amazing thing, though, is the number of emails spammers have to send in order to capture a single customer. The Economist had an article a few weeks ago that provided some data:

In 2008 researchers from the University of California at Berkeley and San Diego posed as spammers, infiltrated a botnet and measured its success rate. The investigation confirmed only 28 “sales” on 350m e-mail messages sent, a conversion rate under .00001%. Since then, says Mr Peterson, the numbers have got worse.

Given how good my Gmail account is at filtering out spam and assuming that other email software is rising to that standard, I’m not surprised that the conversion rate is so low. So what are spammers doing now?

Well, Twitter seems to be a breeding ground in rude health:

…researchers from the University of California at Berkeley and the University of Illinois at Champaign-Urbana show that 8% of links published [on Twitter] were shady, with most of them leading to scams and the rest to Trojans.

And I suspect we’ll see Facebook become an increasingly important launching pad for similar threats. The security arms race continues.

Happy holidays, dear readers!

First, which browsers are the most common these days? Wikipedia has a useful summary of browser usage statistics collected from various sources. The summary statistics look a little off to me (even after considering the note at the bottom of the table), but you get the basic idea: Internet Explorer and Firefox are running away with it.

Security Update

Internet Explorer 6 remains a hopelessly dangerous browser, but I’ve been impressed by Internet Explorer versions 7 and 8. If you haven’t yet upgraded, do so now.

I wanted to update previous comparisons (see here, here, and here) between the two most prominent browsers, but Secunia, the security consultancy I had been getting figures from, now advises against using its statistics for comparison purposes because of the way it reports them.

Fair enough, and it wouldn’t hurt to go to a second source. I recently ran across a report by NSS Labs, which mentions that “53% of malware is now delivered via internet download versus just 12% via email, while IFrame exploits and other vulnerabilities comprise 7% and 5%, respectively…” (If you’re wondering, IFrame exploits are just another flavour of attack aimed at web browsers.)

Check out the report summary, which has two very interesting graphs. It looks like Internet Explorer 8 is beating Firefox (and other browsers) by a wide margin when it comes to protecting against “socially engineered malware” (links that lead to infected downloads), while the two leading browsers provide about the same amount of protection against phishing attempts.

Curious about the web’s most dangerous search terms?

The categories with the worst maximum risk profile were lyrics keywords (26.3%) and phrases that include the word “free” (21.3%). If a consumer landed at the riskiest search page for a typical lyrics search, one of four results would be risky.

What makes a webpage dangerous?

• Risky downloads—Downloadable files that contain viruses, spyware, or adware or make unrelated
  changes to the downloading computer
• Browser exploits—Also known as a driveby download, this type of malicious code enables viruses,
  keystroke loggers, or spyware to install on a consumer’s computer without consent and/or knowledge
• Email practices—Registration forms and other sign-ups that result in high volume email, highly
  commercial email or both. We also test for difficultly unsubscribing.
• Phishing—Scam sites that try to trick visitors into believing the site is legitimate
• Excessive popups—Sites that engage in aggressive popup behavior or display large numbers
  of popups
• Linking practices—Sites that aggressively link to other red- or yellow-rated sites

The report, by McAfee, mentions that hacking for profit has overtaken hacking for fame. I suspect that is why we no longer worry about viruses that will wipe our hard drives clean — the tactic is attention-getting, but is unlikely to be profitable to anybody. Today, viruses that collect information about our computing habits and personal lives are the primary threats.

If your installation of Windows XP is lacking an antivirus program or firewall, it’ll take about 8 seconds for it to become rabid and foaming with worms, viruses, and spyware. At least, that’s what this BBC article suggests.

But seriously, remember when all you had to worry about was some dork impressing his friends with some virus named after a girl that kneed him in the balls last week? That was a more innocent time.

Today, viruses have come of age. And they’re not even called viruses anymore. The biggest problems today are spyware and adware. The trouble with viruses was that their sole object was to penetrate your computer, then destroy it. That didn’t make anybody rich, though, because good parasites don’t kill their hosts.

The most sinister and pervasive threats have morphed into commercially propelled vehicles for privacy extraction with a view to profit. These days, when I look at a friend’s computer that has slowed and showed signs of derangement from infection, I don’t find a lot of viruses. But I find boatloads of spyware and adware (and that’s a metric boatload, not one of those sissy imperial boatloads).

So be aware of the threat you face now. A new enemy requires new tactics–this means your anti-spyware and adware programs are more important than ever. I previously recommended Spybot and Adaware for the newly important jobs – read my review of both and find out how to get them (they’re free, of course).

Google, by partnering with the StopBadware Organization, has begun to issue warnings when users click on search results that lead to dangerous websites.

StopBadware keeps a list (so far it appears to be quite limited) of user-submitted websites that are known to host spyware, adware, and other malware. After receiving submissions, the organization analyzes the purported malware using a list of seven categories of bad behaviour that help to identify malicious software.

This list includes:

…deceptive installations, unclearly [sic] identification, causing harm to other computers, modifying other software, transmitting user data, interfering with computer use, and being difficult to uninstall completely.

You can see one of the warnings in action by doing a search for “seriall” and clicking on the first result (SeriAll.com is a website that publishes serial numbers for pirated software). After clicking on the link, you should see a screen similar to the one shown at the top of this post. (continue reading…)