[SecurityRatty] tag: fresh

Will Code Malware for Financial Incentives

Tue, 18 Nov 2008 10:57:55 +0000

A couple of hundred dollars can indeed get you state of the art undetectable piece of malware with post-purchase service in the form of automatic lower detection rate for sure, but what happens when the vendors of such releases start vertically integrating just like everyone else, and start offering OS-independent spamming, flooding, modifications and tweaking of popular crimeware kits in the very same fashion? The quality assurance process gets centralized into the hands of experienced programmers that have been developing cybercrime facilitating tools for years.

It's interesting to monitor the pricing schemes that they implement. For instance, the modularity of a particular malware, that is the additional functions that a buyer may want or not want, increase or decrease the price respectively. Others, tend to leave the price open topic by only mentioning the starting price for their services and they increasing it again in open topic fashion.

Let's take look at some recently advertised (translated) "malware coding for hire" propositions, highlighting some of the latest developments in their pricing strategies :

Proposition 1 :
"Programs and scripts under the following categories are accepted :
grabbers; spamming tools for forums, spamming tools for social networking sites, modifications of admin panels for (popular crimeware kits), phishing pages

Platform: software running on MAC OS to Windows
Multitasking: have the capacity to work on multiple projects
Speed and responsibility: at the highest level
Pre-payment for new customers: 50% of the whole price, 30% pre-pay of the whole price for repreated customers
Support: Paid
Rates: starting from 100 euros

If, after speaking ultimate price, you decide to add to your order something else - the price change. Prepare the job immediately, which will understand what to do and how much it will cost you, if you have any suggestions for a price, then lays them immediately and not after the work is completed. If you order something that requires parsing your logs, and their continued use, you agree to provide "a significant portion of the logs, so that after putting the project did not raise misunderstandings due to the fact that some logs are no longer "fresh", because of their "uniqueness". In this case, for the finalization of the project will be charged an additional fee."

This is an example of an "open topic pricing scheme" with the vendor offering the possibility to code the malware or the tool for any price above 100 euro based on what he perceives as features included within worth the price.

Proposition 2:
"Starting price for my malware is 250 EUR. Additional modules like P2P features, source code for a particular module go for an additional 50 EUR. If you're paying in another currency the price is 200 GBP or 395 dollars. I sell only ten copies of the builder so hurry up. The trading process is simple - a password protected file with the malware is sent to you so you can see the files inside. You then sent the money and I mail you back the password. If you don't like this way you lose.

I can also offer you another deal, I will share the complete source code in exchange to access to a botnet with at least 4000 infected hosts because I don't have time to play around with me bot right now.

This proposition is particularly interesting because the seller is introducing basic understanding of exchange rates, but most of all because he's in fact offering a direct bargain in the form of access to a botnet in exchange for a complete source code of his malware bot. Both propositions are also great examples that vendors engage by keeping their current and potential customers up-to-date with TODO lists of features to come next to the usual CHANGELOGS, and, of course, establish trust by allowing potential customers to take a peek at the source code of the malware they're about to purchase.

Related posts:
Coding Spyware and Malware for Hire
The Underground Economy's Supply of Goods and Services
The Dynamics of the Malware Industry - Proprietary Malware Tools
Using Market Forces to Disrupt Botnets
Multiple Firewalls Bypassing Verification on Demand
Managed Spamming Appliances - The Future of Spam
Localizing Cybercrime - Cultural Diversity on Demand
E-crime and Socioeconomic Factors
Russia's FSB vs Cybercrime
Malware as a Web Service
Localizing Open Source Malware
Quality and Assurance in Malware Attacks
Benchmarking and Optimising Malware

Money Mules Syndicate Actively Recruiting Since 2002

Tue, 28 Oct 2008 05:44:21 +0000

Money mules have already been an inseparable part of the underground ecosystem. And while others try to hide their activities by outsourcing their hosting needs to botnet masters partitioning their botnets, the experienced ones apply a decent level of OPSEC (operational security) by establishing a trust based model based on recommendations in order to even consider letting you register for their services. Their geographical location not only reflects the average time it would take to take action against their activities and expose yet another extensive network of fraudulent operations, but also, has the potential to increase or decrease the commissions that the mules take based on the risk factor of getting caught.

There are several different types of money mules, those serving themselves, and those offering their services to others, in this particular case, we have a money mules syndicate that's been operating since 2002, and is only serving the high profile customers. What happens when such a money mule syndicate (naturally) starts vertically integrating by offering value-added services like credit card balance checking and date of birth lookups? Profits apparently increase, since the syndicate is actively recruiting and is currently looking for 20 to 30 mules -- their current staff is said to be approximately 100 people -- to cash out anything from bank account logins, Paypal accounts, to stolen credit card data. Here's a translated description of the service :

"Who we are?

- First place at (cyber crime community) top list of trusted service providers for 2008
- We serve the big guys only since 2002
- We never scam, in business since 2002 without a single scam complaint
- We look for you, you don't look for us
- We offer outstanding working conditions and high commissions

Who you should be?
- Dedicated person with experience in the field
- Have been in the business for at least 6 months
- Have been recommended by at least 1 person from (cybercrime community) and from (cybercrime community)
- You take 45% commission of the processed check, minimal amount is $3000
- You pay a membership fee

In the next two months we draw the command of 20-30 people who will most satisfy our requirements. For the selected team will be Paradise conditions:

- Instant payment (a few hours after delivered)
- Large numbers to drop service in the USA and the UK (30)
- Individual drop in the number of large islands
- 3-5 fresh weekly drop
- Round-the-clock support"

In case some of their customers get scammed -- appreciate the irony here as scammers compensate the scammers getting scammed by the scammer's outsourced personnel -- by some of their money mules, the service is offering compensation for the stolen goods/amount of money, clearly speaking for the revenues it is to prone to be generating. OPSEC (Operational Security) has been taking place across high-profile cybercrime communities during the last quarter, mostly in response to their increasing awareness that in the very same way they keep track of the major anti-fraud features implemented across their services of (ab)use, those implementing them could be monitoring them as well.

Why Risk Management Doesnt Work (?!)

Wed, 08 Oct 2008 13:15:14 +0000

Several folks (Hi Daniel, Brent, David!) sent email & twitters asking us our opinion on a Dark Reading article called “Why Risk Management Doesn’t Work” which if you click on the link should come up for you after seeing someone’s advertisement for a few seconds.

I’m assuming the author wants us to read the title as “Things to Look Out For in Performing Risk Analysis” and not “Risk Management is Folly - Stop, Stop, Stop!” The former is fine, the latter isn’t supported by the evidence presented by the subjects of the article.
The subjects of the article are a good study from Wade Baker & Co. at Verizon, and a report from RSA’s Security for Business Innovation Council. Let’s take a look at each of these and examine why what they’re saying might contribute to poor risk management, shall we?

1.) THE VERIZON REPORT

The Verizon report is an analysis of some 530 forensic investigations their company performed. It is well worth your time as it’s chock full of interesting information. As it relates to the Dark Reading piece, a coarse summary would be that “likelihood” is “different” for different people and so you can’t use the same “likelihood” across different industries.

Distilled through the lens of FAIR:

“different threat communities may be applicable based on Probability of Action factors which include: Value, Level of Effort and Risk (of Getting Caught).”

Or, even further distilled and in the words of my six year old son,

“Duh-uh”.

With regards to what I assume is the purpose of the article (What Doesn’t Work in Risk Analysis) this concept seems just to rehash the old GIGO argument regarding risk analysis. Great. Can’t argue with that, nor it’s corollary QIQO (quality in, quality out).

But let me ask you - is this really a problem common in your analysis? Did reading this article make you go “Crap, we’ve been using data normalized across multiple industries in our analysis! They’re all wrong!” Or have you already been accounting for the unique value proposition your company has to the specific threat community you’re worried about? See, maybe I’m just not your average analyst, but even in my NIST/OCTAVE days, this has *never* been an issue for me.

Let me be specific, this is not a problem with Verizon’s very cool report. It’s just that I don’t see what the big deal is. This article is starting to feel like someone is running through the motions, trying to play the ” a crazy title gets people to read a boring article” game.

Speaking of cool reports - You know what would be cool? I think it would be interesting to see is the quality of these companies’ “risk management process” established using good criteria, and then correlated to the frequency and magnitude of real-world losses across the aggregate sample. In other words, can we establish evidence that strong risk management practices not just reduce “risk” but also reduce actual incidents.

2.) THE RSA COUNCIL “EXPLORES WHY LEGACY METHODS OF EVALUATING INFORMATION SECURITY RISK DON’T WORK IN TODAY’S CONNECTED WORLD, IN WHICH ANY NEW BUSINESS INNOVATION INHERENTLY CARRIES SOME LEVEL OF RISK TO INFORMATION.”

This report from the RSA council puts forth a seemingly obvious proposition, that risk must be balanced by reward. Why is this news? Now as I read the article it’s not clear if:

The RSA Council is claiming that the CISO’s office should be the ones determining reward. Absurd.

Businesses aren’t doing a good job at determining risk and reward.

Let’s go with the latter. So I’m pretty sure (good) businesses do a good job at estimating reward. Businesses I’ve been a part of? We LOVE(D) estimating reward. We don’t tend to start projects all willy-nilly. No we tend to be careful to identify the size of the market and what it will cost to address the market. So what could the problem be that this RSA council is trying to address? Maybe it has to do with something like the following:

Yesterday, I got a demo of an IT-GRC application that shall remain nameless. It seemed to be very good at the “C” bits - lots of information on regulations and expectations and even what sorts of controls would answer the regulations (which is goofy, but we’ll have to talk about that later). It also gave you the ability to build workflow quite nicely. But it measured NOTHING. There really was no observable “G” and “R” was really Medium X Low X Low = High sorts of stuff. So let’s use this relatively expensive tool as evidence of what your average CISO is armed with going into a Risk/Reward sort of meeting. I imagine a nice board room with wood-grain paneling and glass bowls filled with little chocolate covered mints designed to give everyone involved in the meeting (CEO, CFO, CIO, CSO, VP S&M, etc…) a little sugar rush when needed and fresh breath. The conversation goes a little something like this (apologies to Rich):

Business Guy Who Wants to Make Money Because That’s What Businesses Do: Based on market studies, we believe that initial gross revenues from the new product and technology rollout will be eleventy gazillion dollars based on a 37% market penetration in Scandinavia, alone.

CSO: Well now, we have a likelihood of “High” and a “C” impact of Medium, and an “I” impact of Low, and an “A” impact of “High” and because we are a (bank/hospital/retailer/basically any business that breathes anymore) we weight “C” by a factor of 2 - we multiplied those all together and got a “High”.

So can you guys delay the product rollout by 9 months and give me a bunch more money that’s not in the budget so that I can get this thing down to a “Medium”, please?

Again, I just don’t see the problem with Information Risk Management being that our businesses have no idea what the rewards of business might be. Now maybe we need get a seat in that boardroom just to be able to talk about our “Mediums”, sure. And maybe we’re infantile in our ability to describe our problem space. But I cannot fathom that “Risk Management Doesn’t Work” because businesses haven’t been considering “reward”.

WHY RISK MANAGEMENT MAY NOT BE WORKIN’ FOR YOU

Two meta-categories of causation:

No skills

and/or

No resources

Any ancillary “cause” can be mapped to one of these categories. You could have significant resources but crappy models, and have conversations like our imaginary CSO, above. You could have really good models and people trained and motivated to use them, but scarce time & money, so no conversation happens.

Now my question for you is - which does it make sense to acquire *first* to solve the “Why Risk Management Doesn’t Work” problems, skills or resources?

Proxy Caches are a Challenging Threat to Internet Security

Sun, 05 Oct 2008 06:41:52 +0000

Proxy caches, combined with poorly written session management code, can easily leads to serious security flaws similar to what we highlighted in A New Security Breach in Google Docs Revealed.

Web developers have no control over proxy caches in the Internet. However, developers do have control of the code they write and their admin teams have configuration control of their web servers. Developers must assume the worst case Internet scenario with aggressive Internet cache management policies that serve cached data for economic and performance reasons.

As a consequence, this fact-of-life on the Internet sometimes results in multiple web clients being sent the same Set-Cookie HTTP headers, for example. Caching proxy servers should obtain a fresh cookie for the each new client request. Ideally, proxy caches should not cache session management cookies and distribute cached cookies to multiple clients. However, application developers cannot assume that proxy caches are well behaved, especially for applications where security and privacy are required.

Web developers cannot know whether their content is consumed directly or via a proxy cache. Developers also cannot assume that the HTTP responses will be delivered to the intended browser. Moreover, developers cannot be sure that the intended browser even receives the intended content. For example, a session ID issued to a client gets used while it is valid or until abandoned and expired. If it is served and delivered in response to an unencrypted HTTP GET request, there’s no guarantee it will be consumed by the intended web browser.

Ideally, SSL should be used on all web transactions that require confidentiality and privacy, including our recent Google Docs breach. On the other hand, even SSL is not foolproof. For example, many web developers do not correctly set the “Encrypted Sessions Only” cookie property. These incorrectly configured “secure” servers will send HTTPS cookies in the open, unencrypted.

There be dragons …

Note: Reposted from the (ISC)2 blog.

Inside a Managed Spam Service

Fri, 03 Oct 2008 07:20:32 +0000

A managed spam vendor always has to raise the stakes during its introduction period on the market. But what happens when a market follower starts using the market leader's proprietary managed spamming system, and is able to provide better spamming rates at a cheaper prices? Market forces and unethical competition at its best.

So, what is this market challenger using the monopolist's -- in respect to managed spamming services not spam in general -- proprietary system (Spamming vendor launches managed spamming service) up to anyway? Promising and delivering, 1, 400,000 emails daily, 60,000 mails per hour, and 100 emails per minute. What we've got here are the spam metrics out of 5 already finished spam campaigns that has managed to sent out a million spam emails using only 2000 malware infected hosts. Also, CC-ing and BCC-ing made it possible to multiple the effect of the campaign and increase the total number of emails spammed. Talking about benchmarks, 789 emails per minute at a rate of 12/13 emails per second is a pretty good one, considering it's only 2k bots that they were using. What they also promise is automatic rotation of IPs upon automatically checking them against public blacklists, and a mix rotation of IPs from their own netblocks located in Russia and Germany with the fresh IPs coming from the newly infected hosts.

Earlier this month, I discussed the market leader's managed spamming system, access to which they also offer for rent :

"An inside look of the system obtained on 2008-08-12 indicates that they are indeed capable of delivering what they promise - speed, simplicity and 5000 malware infected hosts. Moreover, the attached screenshot demonstrates that 20 different email databases can be simultaneously used resulting in 16,523,247 emails about to get spammed using 52 different macroses. Furthermore, what they refer to as a dynamic set of regional servers aiming to ensure that the central server never gets exposed, is in fact fast-flux which depending on how many bots they are willing to put into “rtsegional server mode” shapes the size of the fast-flux network at a later stage."

With cutting edge managed spam services like the ones currently in circulation, it remains to be seen whether or not spammers would migrate to this outsourcing model, or continue coming up with adaptive ways to send out their scams and malware on their own.

Female Bodyguards Get the Job Done.

Sun, 28 Sep 2008 17:45:00 +0000

Those who think that Bodyguarding is a job best left to men - think again.

The Dublin City Herald recently ran a story about Lisa Baldwin, from Dublin, who is a female Personal Protection/Close Protection Specialist based in the U.K. Ms. Baldwin is in high demand by Middle Eastern clients who wish to have their women and children protected by female agents.

That is exactly why SEXTON EXECUTIVE SECURITY(www.sextonsecurity.com)designed a Middle East E.P./C.P. course that will be held in the U.A.E. from the 11th of October through the 18th. The President, John Sexton summed it up as follows; "We saw the need for agents from all over the world to be able to train in the Middle East and to experience the culture,tradition and religion first hand". "Middle Eastern clients are extremely important to our industry", he added "and it behooves all agents involved in providing safety for these families to become conversant with every aspect of their lives in order to be able to offer the best protection possible".

SEXTON will also have a group of female trainees attending their Executive Protection course in San Diego, California in December. Lisa Baldwin is described in the Herald as being "one of the world's few female bodyguards". Many women around the world now recognize that by undergoing professional training like Ms. Baldwin, they can be assigned to prestigious contracts and make a very lucrative living.

Ms. Baldwin's petite stature does not prevent her from succeeding in a mostly male-dominated industry. "You realise you're not in Iraq, you're in London", she advises. Very true. Smart protectors understand that the Art of Personal Protection is about using your mind and not your brawn. The differences between working in Iraq and London/New York/Dubai are like night and day.

Unfortunately, if the agent does not receive proper training, they may very well fail to realise the difference. There is one type of training needed for a Hostile environment such as Iraq or Afghanistan and a completely different one for the corporate/private sector. A security contractor coming fresh out of a hostile environment will often find it extremely difficult providing protection in a covert, "grey man" style.

Fortunately for them, Sexton Executive Security's focus is on private clients and their E.P./C.P. corporate training program can help those returning form overseas contracts to make the transition smooth and profitable.

In the corporate/private family world, you don't have heavy weaponry to rely upon but as Ms. Baldwin states; "Its all about the mind and prevention". Like the old saying goes; "an ounce of prevention is worth a pound of cure".

A Diverse Portfolio of Fake Security Software - Part Six

Wed, 24 Sep 2008 14:29:31 +0000

Thanks to misconfigured traffic management kits, not taking advantage of all the built-in features that could have made a research a little bit more time consuming, here are the latest fake security software domains popping up at the end of fake adult content sites :

anti-spyware8 .com
anti-spyware4 .com
anti-spyware11 .com
anti-spyware10 .com
antivirus-cs1 .com
antivirus-cs14 .com
antivirus-cs4 .com
antivirus-cs15 .com
antivirus-cs5 .com
antivirus-cs7 .com
antivirus-cs8 .com
antivirus-cs9 .com
trustedpaymenssite .com
altawebgl-500 .com
masterspitetds09 .com
protectionaudit .com
prt3ctionactiv3scan .com
prtectionactivescan .com
smartantivirusv2 .com
smartantivirus2009v2 .com
smartantivirus2009v2-buy .com
smartantivirus-2009v2buy .com
smart-antivirus2009v2buy .com
anti-virus-xp .com
anti-virus-xp .net
e-antiviruspro .com
ultimate-anti-virus .com
antimalwarewarrior2009 .com
spyware-buy .com
superantivirus2009 .com
total-secure2009 .com
pcprivacycleanerpro .com
bestguardownload .com
trustedantivirus .com
antivirus-buy1 .com
spyware-quickscan-2008 .com
securealertbar .com
secureclick1 .com
megantivirus2009 .com
micro-antivirus2008 .com
superantivirus2009 .com
advanced-anti-virus .com
antivirusmaster2009 .com
scanner-online1 .com
internet-scanner2009 .com
filescheck-list303 .com
virus-webscanner .com
virus9-webscanner .com
spamnuker .com
detect-file101 .com
googlescanners-360 .com
onlinescannersite9 .com
bestantivirusscan .com
hottystars .com
internet-defenses .com
globals-advers .com
quickupdates29 .com
myscanners101 .com
myfreescan500 .com
scanthnet .com
scanners-pro .com
megatradetds0 .com
xp-licensingpages .com
bestantivirusscan .com

power-avc .com
pvrantivirus .com
online-xp-antivirus-checker .com
antivir-online-scan .com
online-win-xpantivirus .com
tube-911 .com
favoredmovie .com
getqtysoftware .com
softwareportal2008 .com
megazcodec .com
soft-upgrade-network .com
download-base .com
fastsoftdownloads .com
software-downloadz .com
download-soft-basez .com
plupdate .com
0scan .com
virus-online-scan .com
0scanner .com
porno-tds .com
jirolu .com
virus-online-scanz .com
red-tubbe .info
win-xp-antivir-hqscanne .com
xp-protections .com
xp-registration .com
xp2008-protect .com
getdefender2009 .com
gettotalsec2008 .com
msantivirus-xp .com
xp-licensingpages .com
protectionpurchase .com
winxp-antivir-on-line-scan .com
antispychecker .com
errorofbrowser .com
fresh-video-news .com
newschannel2008 .com
internet--daily-news .com
secure.signupsecurity .com
xpacodec .com
xpbcodec .com
gmkvideo .com
hqsextube08 .com
antivirusworld9 .com
viacodecright1 .com
viacodecright2 .com
quickupdates29 .com
antivirusworld9 .com
scanthnet .com
city-codec .com
citycodec .net
codecdownload.anothersoftportal09 .com
viacodecright2 .com
sextubecodec023dfs41 .com
hot-sextubedriver2 .com
viacodecright2 .com

The Diverse Portfolio of Fake Security Software series are prone to continue taking a bite out of cybercrime, and the people who distribute them on a affiliation based revenue sharing model.

Related posts:
Fake Porn Sites Serving Malware - Part Three
Fake Porn Sites Serving Malware - Part Two
Fake Porn Sites Serving Malware
EstDomains and Intercage VS Cybercrime
Fake Security Software Domains Serving Exploits
A Diverse Portfolio of Fake Security Software - Part Five
A Diverse Portfolio of Fake Security Software - Part Four
A Diverse Portfolio of Fake Security Software - Part Three
A Diverse Portfolio of Fake Security Software - Part Two
Localized Fake Security Software
Diverse Portfolio of Fake Security Software
Got Your XPShield Up and Running?
Fake PestPatrol Security Software
RBN's Fake Security Software
Lazy Summer Days at UkrTeleGroup Ltd
Geolocating Malicious ISPs
The Malicious ISPs You Rarely See in Any Report

Copycat Web Malware Exploitation Kits are Faddish

Wed, 03 Sep 2008 03:18:08 +0000

For the cheap cybercriminals not wanting to invest a couple of thousand dollars into purchasing a cutting edge web malware exploitation kit -- a pirated copy of which they would ironically obtained several moths later -- with all the related and royalty free updates coming with it, there are always the copycat malware kits like this one offered for $100.

Taking into consideration the proprietary nature of some of the kits, the business model of malware kits was mostly relying on their exclusive nature next to the number, and diversity of the exploits included in order to improve the infection rate. This simplistic assumption on behalf of the coders totally ignored the possibility of their kits leaking to the general public, or copies of the kits ending up as a bargain in particular underground deal where the once highly exclusive kit was offered as a bonus.

"Me too" web malware kits were a faddish way to enjoy the popularity of web malware kits like MPack and Icepack and try to cash in on that popularity by coming up average kits lacking any significant differentiation factors in the process. But just like the original and proprietary kits, whose authors didn't envision the long term growth strategy of integrating different services into their propositions or the kits themselves, the authors of copycat malware kits didn't bother considering the lack of long-term growth strategy for their releases. Branding in respect to releasing a Firepack malware kit to compete with Icepack which was originally released to compete with Mpack, has failed to achieve the desired results as well.

And with malware kits now a commodity, and underground vendors excelling in a particular practice with the long term objective to vertically integrate in their area of expertise -- think spammers offering localization of messages into different languages and segmented email databases from a specific country -- would we witness the emergence of managed cybercrime services charging a premium for providing fresh dumps of credit card numbers, PayPal, Ebay accounts or whatever the buyer is requesting?

That may well be the case in the long term.

Related posts:
Web Based Botnet Command and Control Kit 2.0
DIY Botnet Kit Promising Eternal Updates
Pinch Vulnerable to Remotely Exploitable Flaw
The Zeus Crimeware Kit Vulnerable to Remotely Exploitable Flaw
The Small Pack Web Malware Exploitation Kit
Crimeware in the Middle - Zeus
The Nuclear Grabber Kit
The Apophis Kit
The FirePack Exploitation Kit Localized to Chinese
MPack and IcePack Localized to Chinese
The Icepack Exploitation Kit Localized to French
The FirePack Exploitation Kit - Part Two
The FirePack Web Malware Exploitation Kit
The WebAttacker in Action
Nuclear Malware Kit
The Random JS Malware Exploitation Kit
Metaphisher Malware Kit Spotted in the Wild
The Black Sun Bot
The Cyber Bot
Google Hacking for MPacks, Zunkers and WebAttackers
The IcePack Malware Kit in Action

Automatic Email Harvesting 2.0

Tue, 26 Aug 2008 04:01:51 +0000

Just when you think that email harvesting matured into user names harvesting in a true Web 2.0 style with the recently uncovered harvested IM screen names, and Youtube user lists for spammers, phishers and malware authors to take advantage of, someone has filled in the gap that's been around as long as email harvesting has been a daily routine for spammers - dealing with text obfuscations which still remain highly popular online, once it became evident that spammers are in fact crawling for default mailto lines. This email harvesting module can be run a separate script, or get integrated as a module within any botnet, is capable of harvesting the following text obfuscations often used in order to prevent spamming crawlers :

mail@gmail.com
mail[at]gmail.com
mail[at]gmail[dot]com
mail [space]gmail [space]com
mail(@)gmail.com
mail(a)gmail.com
mail AT gmail DOT com

The overall availability and easy of obtaining a huge percentage of valid email addresses within an organizaton, is not just resulting in the increasing segmentation and localization of spam, phishing and malware campaigns, it's increasing the profit margins for the spamming providers which is now not just offering verified to be 100% valid email addresses, but also, can providing the foundations for spear phishing and targeted attacks.

Quality assurance in spaming is still in its introduction phrase, with customers starting to put the emphasis on the number of emails that actually made it through the spam filters, than the number of emails sent as a benchmark for increasing the probability of bypassing anti spam filters. Taking into consideration the big picture, sniffing for email addresses streaming out of malware infected hosts, and stealing huge email databases by exploiting vulnerable online communities, seems to be the tactics of choice for the majority of individuals whose responsibility is to continuously provide fresh and valid email addresses.

What AntiVirus products do what?

Thu, 21 Aug 2008 10:20:23 +0000

A really great article that should be required reading for every user online.
Like a yearly requirement. ya know, to keep these facts fresh in your spongelike, thirsting for knowledge mind.

clipped from www.enterprise-security-today.com

Not All Antivirus Programs Are Created Equal

Another issue with antivirus programs is the size of the processing footprint they exert. A number of common programs have very large footprints and will significantly slow down your computer — especially on startup. It is worthwhile asking about and understanding the effect the antivirus program will have on your particular computer.