THE JOURNAL OF EDUCATION, COMMUNITY, AND VALUES
By Pat McGregor
Your friends on Facebook may have been urging you to remove the increasingly popular "Fancheck," which does the numbers and gives you some info about the totality of your friends, such as "most common name" and "average age". But the malware is actually the interesting Facebook app "Removal Kits," which many people have been buying and consequently giving fraudsters their personal info and credit card info.
Sophos Software Online expert Graham Cluley warns,
...hackers have set up websites pretending to be about the "Facebook Fan Check Virus", but which really host fake anti-virus software which display bogus warnings about the security of your computer in an attempt to get you to install fraudulent software and cough-up your credit card details [1].
But, Facebook isn't the only site plagued by this. Even the venerable New York Times had malware ads injected in the middle of September 2009.
Even worse, the Times says that the advertiser, posing as Internet phone company Vonage, sold the ads directly to them rather than through an ad vendor:
The creator of the malicious ads posed as Vonage, the Internet telephone company, and persuaded NYTimes.com to run ads that initially appeared as real ads for Vonage. At some point, possibly late Friday, the campaign switched to displaying the virus warnings.
Because The Times thought the campaign came straight from Vonage, which has advertised on the site before, it allowed the advertiser to use an outside vendor that it had not vetted to actually deliver the ads, Ms. McNulty said. That allowed the switch to take place. "In the future, we will not allow any advertiser to use unfamiliar third-party vendors," she said. Mr. Frons said it was unclear how many people saw the ads [2].
This was a huge surprise to those of us who track these sorts of events. You're more likely to see this on websites without such a scrupulous reputation, and generally with those using ad networks to manage what ads show up on their sites. (See my article last month on Behavioral Tracking for more info on how online ads work [3].
According to Austin Modine in the online website The Register,
Health-care spam held a solid lead with 68.8 per cent of unsolicited emails. Miscellaneous offers accounted for 12.3 per cent, education 4.4 per cent, gambling 1.3 per cent, and foreign language spam only 1.1 per cent [4].
But, as you probably noticed, most of the email sent (and received) is now spam. Although your personal filters or your email provider may filter it out, spam now accounts for nearly 95% of the email whizzing around the Internet [5].
CSO Magazine always has an interesting column on "numbers" with InfoSec factoids or Trivia. This month's:
A great many people figure that the Norton or Symantec suites that come on their pre-loaded machines will do the stuff -- not realizing that it's no longer just virus software. Information Security Magazine polled their readers for the best business-grade desktop and server antivirus and antispyware products. You won't be surprised to find that many security-savvy home users use these products (or their single-user products) instead of the more familiar ones. But what may surprise you is the variety of apps you get rolled into one. Natalie Lambert, an analyst at Forrester Research, says:
Generally speaking, antimalware is antimalware; what you get from one vendor is not much different than what you get from another. Where the market is changing is that there are lots of components required to have a comprehensive strategy. Antimalware alone is not going to cut it. It's hard to buy antimalware alone; vendors are almost forcing you to buy a client suite [7].You may be surprised to find that the big players you may be most familiar with are not in the top three. Instead, we find:
(GOLD) Kaspersky Open Space Security, Kaspersky Labs
"Kaspersky Open Space Security is the company's suite of antimalware protection for the gateway and endpoint. It includes: Work Space, which keeps workstations secure; Business Space, which adds file server protection; Enterprise Space, which adds mail server security; and Total Space, which adds gateway protection to the previous offerings. It received high marks for detecting, blocking and cleaning malware, and in the speed and frequency of signature updates" [8].
I recommend you look at their home protection suites as well (Internet Security 2010, Anti-Virus 2010, Security for Ultra Portables, Mobile Security), as they have gotten high marks from fellow security geeks.
(SILVER) Sophos Endpoint Security and Data Protection, Sophos
"Sophos' Endpoint Security and Data Protection wraps antivirus, firewall, network access control and encryption into a neat package that voters liked for its quick signature updates, and reporting and alerting capabilities. You can also centrally manage the security status of your endpoints from one console; the product supports Windows, Unix and Linux" [8].
Sophos is not only hot software, but they maintain a terrific online source of threats, mitigations, and top-notch white papers and expert discussions.
(BRONZE) ESET NOD32 Antivirus, ESET
"ESET NOD32 Antivirus offers not only antivirus and antispyware protection, but a personal firewall and antispam capabilities. Voters were keen on the product's ease of installation, configuration and administration. NOD32 requires 44MB of memory, less than other similar products. Voters also said they were able to get a significant ROI from this product" [8].
ESET also received the CNET Editor's Choice in April, 2009. I have just been learning more about them, myself, but these two selections make me advise that you take a look, too.
And, finally....President Obama, in an unguarded moment, referred to a recent spat between two music stars at MTV's Video Music Awards, and said he thought one of the people was "a jackass." Now, the unintended consequence wasn't that someone heard him say it, or even that someone twittered away immediately with "Pres. Obama just called Kanye West a 'jackass' for his outburst at VMAs when Taylor Swift won. Now THAT'S presidential" [9].
Nope, it was this small event that toppled big dominoes and caused a fuss:
Harwood [from CNBC. Ed.] had sat down with the president to tape an interview following his appearance on Wall Street on Monday. Although they are competitors, CNBC and ABC share a fiber optic line to save money, and this enabled some ABC employees to listen in on the interview as it was being taped for later use [10].
I am certain that CNBC and ABC never thought when they made the deal that in sharing dark fiber (unused bandwidth) they would enable a competitor to listen in, and use a social media tool no-one had invented to immediately share an off-the-record remark in the warm-up to an interview. At some point later we can debate whether Twitter is going to be the final spike in the process that kills the ability to control one's personal information.
Coming next issue: Cross the Border, and Lose Your Laptop. The Fine Print in the updated Patriot Act.
[1] Cluley, Graham. "Facebook Fan Check Virus scare leads to malware",Sophos company Blogs, 7 Sept 2009. http://www.sophos.com/blogs/gc/g/2009/09/07/facebook-fan-check-virus-scare-leads-malware/ Retrieved 8 Sept 2009.
[2] Vance, Ashlee. "Times Web Ads Show Security Breach," The New York Times, 14 Sept 2009. http://www.nytimes.com/2009/09/15/technology/internet/15adco.html . Retrieved 15 Sept 2009.
[3] McGregor, Pat. "What Would You Give to Never Get Another Viagra Ad in Your E-mail?", Interface. Sept 2009. http://bcis.pacificu.edu/journal/2009/07/article.php?id=104 . Retrieved 15 Sept 2009
[4] Modine, Austin. "US health-care debate clogged world's inboxes, Pharma-spam cashes in," Register, 31 Aug 2009. http://www.theregister.co.uk/2009/08/31/mx_logic_august_spam_report/ Retrieved 15 Sept 2009.
[5] MDX Logic Threat Forecast, August 2009. http://www.mxlogic.com/pdf/forecast/threatforecast0909.pdf Retrieved 15 Sept 2009.
[6] "By the Numbers," CSO Magazine, Sept 2009. page 10. www.csoonline.com. (Sorry, you'll have to read this one in hardcopy!
[7] Lambert, Natalie. "Trends," Readers' Choice Awards, 2009: Antimalware, Information Security Online. http://media.techtarget.com/searchSecurity/downloads/0909_ISM_eM_v3.pdf , retrieved 13 Sept 2009.
[8] Eds. Readers' Choice Awards, 2009: Antimalware, Information Security Online. Sept 2009. http://searchsecurity.techtarget.com/magazineFeature/0,296894,sid14_gci1365969_mem1,00.html, Retrieved 14 Sept 2009
[9] Bauder, David. "President's opinion of Kanye West sparks debate," Yahoo News, 15 Sept 2009. http://news.yahoo.com/s/ap/20090915/ap_en_ot/us_tv_obama_tweet . Retrieved 16 Sept 2009.
[10] Ibid.
Leonard D. DuBoff and Christy O. King - Email Traps and Troubles
Michael Geraci - Surf's Up: HTML Five-oh! (Part 1)
Pat McGregor - Snips, Snails, Truffles, Malware Warnings, and other...
Jenn Hernandez - "My dad and Me are Asian. My mom's not": Multiracial...
Scott Warnock's Teaching Writing Online. How & Why.
An Educator Reconsiders the Kindle