'Net Features : malware

GeoTrust Cloud Service to Protect Against Malware

Allison Howen — Fri, 21 Oct 2011 07:00:00 GMT

Nothing severs the trust that users have for a website quite like hidden viruses that infect their devices. To prevent this potentially disastrous situation from happening, GeoTrust has announced its Web Site Anti-Malware Scan, which is a cloud service that identifies malware to protect website visitors and owners.

Malware can come from many different places, such as a site owner that installs a program that mistakenly turns out to be malware, or from hackers that like to exploit website vulnerability. However, this problem can be reduced by using GeoTrust’s Web Site Anti-Malware Scan, which automatically and daily checks up to 50 Web pages for well-known and new malware strains.

"Web site owners and visitors alike dread the idea of downloading hidden malware and want to be sure they don't get hacked,” says Fran Rosch, VP of Symantec Trust Services “By working closely with our channel partners to develop a solution tailored to their customers' needs, Symantec is maximizing the resources of the channel while positioning its partners to provide an innovative yet simple and affordable security option for web site owners."

With GeoTrust’s service, website owners receive detailed alerts that pinpoint malware infections, allowing for the problem to be solved before it gets out of hand. The solution also provides a GeoTrust Web Site Anti-Malware Seal, which ensures a safe site to visitors.

Malware Up, Spam Down

Pete Prestipino — Wed, 17 Nov 2010 15:09:00 GMT

It seems every bit of good news received about Web security is tempered with some bad.

McAfee unveiled its McAfee Threats Report for the Third Quarter (2010) today, which revealed that while spam levels decreased in volume this quarter (hitting a two year low) malware is soaring with an average of 60,000 new pieces of malware identified each day – quadrupling since 2007.

“Our Q3 Threat report shows that cybercriminals are not only becoming more saavy, but attacks are becoming increasingly more severe,” said Mike Gallagher, senior vice president and chief technology officer of Global Threat Intelligence for McAfee.

“Cybercriminals are doing their homework, and are aware of what’s popular, and what’s insecure. They are attacking mobile devices and social networking sites, so education about user activity online, as well as incorporating the proper security technologies are of utmost importance.”

One of the most sophisticated pieces of malware in Q3 was the Zeus botnet, the malware at the root of U.S. small businesses losing $70 million at the hands of Ukrainian cybercriminals. Recently, a Zeus botnet was unleashed that is aimed at mobile devices and designed to intercept SMS messages to validate transactions, putting at risk consumers bank accounts. McAfee also saw an increase in email campaigns attempting to deliver the Zeus botnet, under the disguise of organizations like eFAX, FedEx, Internal Revenue Service, Social Security Administration, United States Postal Service and Western Union.

Botnet activity also remained strong in Q3, the most popular of which, Cutwail, accounted for more than 50 percent of traffic in every country. Cutwail bots engaged in distributed denial-of-service attacks against more than 300 websites, including United States government departments such as the Central Intelligence Agency and Federal Bureau of Investigation, and businesses websites such as Twitter and PayPal.

McAfee Reports Historic Levels of Malware

Linc Wonham — Tue, 10 Aug 2010 18:00:00 GMT

According to Web security firm McAfee’s second-quarter data, Malware reached its highest levels ever in the first half of 2010. The company found 6 million malicious files in the second quarter, making for a total of 10 million malicious files over the first six months of the year.

The most frequently used malware included threats on portable storage devices, fake anti-virus software, software specifically targeted at social media users, AutoRun malware and password-stealing Trojans. McAfee reported that approximately 55,000 new pieces of malware appear every day around the world.
Spam rates appear to have leveled off after reaching nearly 175 billion messages per day in the third quarter of 2009, but there was a spike in spamming that surrounding the FIFA World Cup held in South Africa during July. During that time, cybercriminals used a variety of methods to promote scams and search-engine poisoning globally.

The most popular forms of spam in the U.S. were delivery status notifications or non-delivery receipt spam, which was also the case in Great Britain, China, Australia, Italy, Spain, Germany and Brazil. Argentina had the world’s highest number of different spam topics with 16, according to McAfee’s report.

VeriSign Beefs Up Trust Seal, Attack on Malware

Linc Wonham — Mon, 01 Mar 2010 21:02:00 GMT

The provider of the Internet’s most recognized symbol of trust has just bulked up a brand that’s already viewed 175 million times each day.

Last week, VeriSign, Inc. unveiled its VeriSign Trust Seal, an extension of the familiar checkmark circle of the VeriSign Secured® Seal, and this week the mark becomes available for online purchase to qualified Web sites looking to increase their traffic, security and customer loyalty. The new seal will be available through VeriSign’s reseller partners later in the year.

VeriSign is the trusted provider of Internet infrastructure services and is known known for authenticating large e-commerce sites that are protected with their own Secure Sockets Layer (SSL) transaction encryptions by certifying them with the VeriSign Secured Seal. Until now, however, the certification was not available to sites that outsource their payment functions to third-party providers.

Now VeriSign is extending the brand to include those sites, and, in the process, hoping to promote a safer Internet by identifying sites that compromise consumer safety. Under the new VeriSign Trust Seal program, the smaller as well as large sites will be protected from malware, or malicious software, that can infect them with data-stealing programs.

VeriSign estimates that nearly half of e-commerce sites don’t encrypt transaction data, such as customers’ credit card numbers, using SSL.

“That means that nearly half of merchants have been unable to take advantage of our trust mark,” says Tim Callan, VeriSign’s vice president of product marketing. “We’re excited to be able to change that.”

The new symbol, which displays VeriSign’s checkmark logo with the words “VeriSign Trusted” within the seal, is first being offered to sites that use hosted shopping carts. The fee will be $299 per web domain per year, and VeriSign will scan those sites each day for malware as part of the program.

Later this year, VeriSign will offer the new seal and malware-scanning software to its traditional customers as a value-added service for no extra fee. If the software discovers malware on a client site, it will automatically remove the VeriSign Trust Seal from the infected site and alert the site operator of the problem. The site operator would then use the application’s console to remove the malware.

In addition to malware scanning, Websites that earn the VeriSign Trust Seal can expect increased traffic by adding the most recognized trust mark on the Internet, while also avoiding search-engine blacklisting. Increased conversions can also result from the partnership program as customers are more likely to put their trust into sites that carry the seal of certification.

TheFind, an Internet shopping engine, recently released a joint study with VeriSign that showed that shoppers click through to online merchants 18.5 percent more often when the merchants display the VeriSign Secured Seal, compared to merchants on the shopping site who don’t display the seal.

“Reputation is vital to the success of the growing number of small- to medium-sized businesses competing in the online marketplace, and trust is a key component for protecting brand reputation and increasing consumer confidence,” said Ray Boggs, vice president of SMB research for IDC. “VeriSign’s brand recognition will extend to the new VeriSign Trust Seal to help small- and medium-sized businesses communicate trust and safety to customers and prospects.”

Darren Shafae, founder and vice president of Proofreading.com, said that his Internet-based document proofreading service saw a 36-percent increase in completed registrations after first posting the VeriSign seal to show that his site was encrypted.

“We’re a small company that isn’t widely known yet, and I think it’s doubly important for a smaller firm like ours to take advantage of the name recognition that VeriSign brings. When you're up against better known competitors, every advantage helps, and the VeriSign name is a decisive advantage. I believe that sites that don’t require SSL encryption can also benefit from a VeriSign seal of approval.”

Threat & Spamscape Forecast 2010

Pete Prestipino — Wed, 13 Jan 2010 17:30:00 GMT

Email messaging and Web security solution provider AppRiver released its year-end spam and virus repot, highlighting trends from 2009 as well as some predictions for the coming year.

- Phishing remained a consistent threat with several campaigns targeting social networking sites and mimicking major banks, as well as the Internal Revenue Service, to dupe consumers at tax time

- Spammers exploited major current events such as the H1N1 flu outbreak and Michael Jackson’s death

- Data breaches rocked Heartland and Countrywide

- Botnets like Conficker and Waledac made frequent headlines

“2009 brought the return of Conficker, which turned out to be the biggest un-used botnet of the year,” says AppRiver Senior Security Analyst Fred Touchette. “It resurged quickly and spread fast, but its threat level paled in comparison to the lesser-discussed ZeuS Trojan, often from the Pushdo bot, which goes right for victims’ banking credentials. The profit potential is huge for cybercriminals as do-it-yourself ZeuS Trojan kits are widely available on the black market for as little at $400.”

Touchette believes that mobile, cloud and sero-day attacks will continue to increase. Here are a few highlights from the threat forecast:

- Personal data is very lucrative in the underground economy, and just as it was in 2009, it will continue to be a target for cybercriminals in 2010. Expect to see more custom malware designed for very specific purposes, such as intercepting credit card purchase transactions and cardholder information.

- The cloud will continue to be a target. Malware authors have already begun to host malicious code on major cloud based servers (e.g. Amazon’s EC2). Expect to see more of this, as well as attacks against the cloud itself, namely Google Wave this year.

- Although still a niche market, anti-virus products for smart phones often offer full data back-up in case of loss or damage as a part of their service. This info is stored on the cloud. These companies may see targeted attacks against stored personal information.

Stay on Top of Internet Trends and Techniques:
Request a professional subscription to Website Magazine,
the most popular print publication on Web success.

Top Malware Threats in June 2009

Pete Prestipino — Tue, 07 Jul 2009 16:16:00 GMT

Windows security software provider Sunbelt Software released a list of the most prevalent malware threats for the month of June 2009.

Sunbelt Labs finds a surge in threat detections for the high risk threat Trojan-Spy.Win32.Zbot.gen, a family of password-stealing Trojan programs which is being distributed through SPAM (often as a file purporting to be an airline e-ticket, as a file attachment from "United Parcel of America," and one claiming to be an e-payment notification of an order with Amazon.com. The Trojan injects code from remote sites that harvest confidential data off a user's system including cached passwords, login credentials for web sites such as online banking sites, as well as data in certificates and cookies.

The following are the most prevalent spyware threats for the month of June.

1. Trojan-Spy.Win32.Zbot.gen: 7.19%
2. Trojan.DNSChanger.Gen: 2.66%
3. Trojan-Downloader.Zlob.Media-Codec: 2.63%
4. Trojan.1: 2.62%
5. BehavesLike.Win32.Malware (v): 2.59%
6. Exploit.PDF-JS.Gen (v): 2.19%
7. PersonalAntivirus: 1.52%
8. INF.Autorun (v): 1.45%
9. Trojan-Spy.Win32.Pophot.gen: 1.40%
10. Win32.Cekar.E: 1.40%

Stay up to date on important 'Net events like this and accelerate your Web Success!
Request a professional-level subscription to Website Magazine.

Super Affiliates Sell What People Need

Pete Prestipino — Mon, 06 Apr 2009 14:24:00 GMT

One of the secrets of successful selling is to offer what people really need (or at least think they need).

With security threats rearing their ugly virtual heads with increasingly frequency, you might want to consider referring users to some quality anti-spyware/malware tools like those provided by Spy Sweeper from Web Root, CounterSpy, STOPzilla, or Lavasoft (my personal favorite). Now if you've got your money-making hat on (as I hope you always do), you'll astutely figure out that you can profit from making these referrals.

Lavasoft has announced the launch of a new program for affiliates to earn commissions. The program is powered by Cleverbridge (http://www.cleverbridge.com), an affiliate tracking and management technology. Affiliates that recommend Lavasoft's line of security products earn 20% of the revenues generated. Resellers can receive commission rates based on sales volume, and have the opportunity to earn as much as a 50% revenue commission.

"Lavasoft has been the leader in the worldwide fight against malware for a decade, protecting people against identity theft, online fraud and other online threats with their excellent lineup of products," said Software.com's Vice President, Erick Vincent.

__________

Shorten the road to Web business profitability!
Request a professional-level membership from Website Magazine and receive bright ideas each month on SEO & PPC, Affiliate Marketing, Web Design, Software, Development and more.

Spyware/Malware Threats for November

Pete Prestipino — Wed, 10 Dec 2008 19:53:00 GMT

Windows security and management software provider SunBelt Software announced the top ten most prevalent spyware and malware threats for the month of November (2008). The report was compiled from monthly scans performed by Sunbelt's antispyware tool, dubbed CounterSpy, and VIPRE, its anti-malware solution. The results represent the number of times a particular spyware or malware infection was detected during CounterSpy and VIPRE scans that report back to Sunbelt's community of opt-in users.

The top ten most prevalent spyware threats for the month of November are:

1.   Trojan-Downloader.Zlob.Media-Codec 4.27%
2.   Trojan-Downloader.braviax 2.89%
3.   Virtumonde 1.88%
4.   Explorer32.Hijacker 1.62%
5.   Trojan.FakeAlert 1.42%
6.   Rootkit.TDss.Gen 1.25%
7.   Trojan-Spy.Win32.Zbot.gen 1.15%
8.   Antivirus 2009 1.08%
9.   INF.Autorun (v) 1.07%
10.   Trojan-Downloader.Generic 1.04%

Live Search Adds Malware Reporting

Pete Prestipino — Fri, 28 Nov 2008 14:29:00 GMT

Microsoft's Live Search Webmaster Center Team announced that its updated tool now shows if any malware is found associated with your site.

As Live Search crawls the Web, it flags all pages containing or linking to detected malware with a “Malware” warning message in the search engine results page and disables the link to the page to protect customers. This enables website owners to determine whether any malware has been detected on an of their webpages and download offline-acessible repotis which detail the webpages that are affected by the detected malware. The Webmaster Center team is also now providing the ability to filter outbound links to see those that might specifically link to pages infected with malware. By reviewing this list and removing the bad links, site owners can prevent the users of a site from accidentally installing software that is harmful.

Microsoft has also made it easer for webmasters to authenticate their sites. The Webmaster Center team has simplified the authentication process by allowing one authentication code for all of your sites.