The Monday HELO — July 18, 2011
This week: hackers in your voicemail, hackers in your email, hackers trying to get in, and keeping Google’s party private.
Welcome (after a brief hiatus) to the twelfth edition of The Monday HELO, in which Melinda Plemel synopsizes some of the most interesting recent happenings in email technology and messaging abuse.
The News of the Hacking World
It’s nearly impossible to avoid the stories surrounding one of the world’s most popular tabloids shutting down over the scandal of privacy violations and phone hacking of some of the best-known celebrities and world diplomats.
Typically we hear of hacking targeted at desktops, but most of us now realize that smartphones are also a target. That is not surprising, since smartphones are nothing more than pocket computers. But how did this really happen? Naked Security has a great piece describing how News of the World was able to pull this off. They also give some great advice on how to protect yourself in the event that your life is interesting enough to be on the front page of a tabloid.
Spammers are constantly finding new ways to send spam and infect computers. One of the greatest victories for the anti-spam side was the big takedown of the Rustock botnet, which did result in spam levels dropping for a period of time. Rustock was one of the largest spam botnets in operation, at one point accounting for nearly half of all spam being sent worldwide. In response to this takedown, Commtouch says, spammers appear to have returned to an old tactic: “the use of compromised accounts to send spam as opposed to using botnets.”
The move away from botnets can also be explained by better IP-reputation-based anti-spam products. It’s much more difficult to stop spam originating from compromised webmail accounts using IP reputation, since the sending IP address can sit within legitimate ranges.
Unfortunately, botnet infection rates have not declined. 377,000 zombies were activated daily during the second quarter, compared to 258,000 zombies in the first quarter. India continued to have the most zombies last quarter, with 17% of all zombies worldwide, according to the Commtouch study.
One Phish, Two Phish, Big Phish, Spear Phish
A recent Cisco report shows that phishing is down, but spear phishing is up. “This first half of 2011 has been one of the most momentous periods in the history of security,” Peterson said at a Cisco news conference Thursday.
Traditionally non-targeted, phishing is like throwing out a thousand lines and waiting for one to bite. Spear phishing is more like driving to a particular lake with a certain type of lure and bait to catch the ‘big one’. Spear phishing is much more sophisticated and unfortunately much more profitable to spammers. “The report compares the results of a mass attack to those of a targeted attack. In a typical mass attack, a million emails may be sent out. Most will be blocked, but enough will get through that eight people are victimized for a loss of $2,000 each, or $16,000 total. If it costs $2,000 to conduct the attack, the criminal has made a profit of $14,000. But in a targeted attack, only 1,000 emails are sent, and only two people are victimized, but their losses are $80,000 each or $160,000 total. It may cost the criminal $10,000 to conduct that campaign, yielding a net profit of $150,000.”
Of course you already have access to the new Google social network, Google+. It’s been out a couple of weeks, and according to one article it’s about to hit 10 million users while remaining in what Google calls a “trial” period.
Paul Allen of Ancestry.com has developed an interesting methodology to calculate the number of Google+ members, asserting that “2.2 million people have joined Google+ in the past 32-34 hours” (as of July 12, 2011). He also states that “Google will easily pass 10 million users tomorrow and could reach 20 million users by this coming weekend if they keep the Invite Button available. As one G+ user put it, it is easy to underestimate the power of exponential growth.” It’s still a bit away from Facebook, which now tops “629 million registered users with almost 250 million people accessing the site via mobile”, according to TechCrunch.
One difference between the failed Google Buzz and the new Google+ is that Google released this to a limited group initially, in hopes that they would avoid any privacy concerns from their users. They have a long history of making questionable assumptions regarding the privacy of their subscribers. Fortunately it looks like they might be doing things differently this time, according to an article from TechWorld. I guess we’ll know soon if that is truly the case for all of the 10 – 20 million users…+1.
About Melinda Plemel
Melinda has been working at Return Path for 9 years and is currently the Senior Industry Advocate, responsible for managing global partners that join Return Path's Data Exchange program and emerging markets. She is the key to helping and educating Return Path on mailbox providers, anti-spam, and email technology trends, as well as to educating receivers about everything Return Path has to offer.