It looks like you're using an Ad Blocker.

Please white-list or disable AboveTopSecret.com in your ad-blocking tool.

Thank you.

 

Some features of ATS will be disabled while you continue to use an ad-blocker.

 

SCI/TECH: Internet Threats - June 14th, 2004

page: 1
0

log in

join
share:

posted on Jun, 14 2004 @ 08:39 AM
link   
Home PCs big source of spam
The results of a recently released study conducted by networking equipment maker Sandvine Inc. indicated that a majority, as much as 80%, of Spam e-mail originate from home computers that have been hijacked by professional spammers.
 


The Boston Globe
...spammers have created "worm" programs that can be sent over the Internet to infect unprotected computers, mainly home machines connected to broadband networks. The worms contain "Trojan horse" software that can transform an infected computer into a spam relay. The machine will then pump out thousands of spam e-mails without the owner's knowledge or consent. Sending the spam through a relay computer makes it much harder to block the messages.

Please visit the link provided for the complete story.

Some, such as Symantec Corp. and Spamhaus, disagree that such a massive percentage comes from infected home computers, but do agree that the problem exists and needs to be addressed. Representatives of Symantec state that 70% of unsolicited commercial e-mail originate from "spam houses,'' companies that specialize in sending out messages in bulk. Spamhaus holds that 200 professional Spam operations responsible for 90% of spam.
Related News Links
Sandvine Inc.
MessageLabs
Spamhaus
Symantec Spamwatch

Comcast takes hard line against spam
The giant broadband Internet Service Provider Comcast has nearly six million subscribers and is reputed to be the largest single source of spam E-mail messages, with over 800 million emerging from their network daily, although only 100 million originate from its own e-mail servers. The balance comes from virus-infected "Zombie Computers" being used as relays for professional spammers. Comcast has announced that they will begin to track, identify and selectively block TCP port 25 for computers that are sending lage amounts of e-mail. Port 25 is used by the Simple Mail Transfer Protocol (SMTP) commonly used to send e-mail

ZDnet
"We are singling out spammers on our network and blocking port 25," said Mitch Bowling, Comcast's vice president of operations. "We don't think it's the right approach to blanket port 25. The right approach is to seek out people who are spamming our network and others."

Comcast is not the first ISP to take this measure. In fact, many service providers such as America Online and EarthLink have been doing this for many years. Other cable ISPs such as Cox Communications also have implemented port 25 blocks to fight spam.

Please visit the link provided for the complete story.


U.K. broadband provider NTL announced that they will be blocking ports across their NTL Home network to prevent the spread of the ever troublesome worms such as the "MSBlaster" and "Welchia" worms.


ITvibe
The ports blocked are the following:
137 (UDP), 138 (UDP), 139 (TCP), 445 (UDP & TCP), 593 (TCP) ? All ports used for Microsoft File and Printer sharing which will now NOT work. Also programs like Microsoft Exchange and many DCOM applications will no-longer be able to communicate to the outside world.
1433 (TCP), 1434 (UDP) - Used by SQL servers for accepting and handling connections and queries, will no-longer be able to connect to the internet.
Finally port 27374(TCP) which as far as we can tell is not used by any legitimate source.

Please visit the link provided for the complete story.


It does the heart good to see that ISPs are beginning to take an active role in blocking malicious or annoying Internet traffic. This practice begs for scrutiny, though. If port blocking becomes an accepted practice for security reasons, it is not a stretch to see more restrictions placed on network, blocking ports that have legitimate uses but are abused (some would argue that SQL already falls into this category) or simply create greater bandwidth requirements. For example, some ISPs are blocking ports commonly used by "Peer-to-Peer" file sharing applications and 119 (TCP) used by Network News Transfer Protocol (NNTP), the backbone of USENET newsgroups, because of bandwidth demands and its use to transfer illegally pirated software, movies, etc.
Related News Links
SenderBase
CNet News
NTL
GRC

Law turns tables on antispam group
The news about Spam is not all good. Professional spammers in Britain are now claiming Spamhaus has no legal right to block them because they are acting within the scope of a new law that permits their mass-mailing business. These e-mail marketing organizations are now mounting an offensive legal strategy to protect their lucrative businesses

ZDNet
Spamhaus founder Steve Linford revealed told the Openwave messaging anti-abuse conference in London this week that this legislation has had a counterproductive effect. "For the first time we have very tenacious spamming gangs setting up in the U.K.," said Linford. "And, for the first time, we have spammers threatening us with legal action."

When the government introduced the privacy and electronic communications regulations last December, it said they made it an offense for a U.K. company to send junk e-mail or text messages, unless the recipient is an existing customer or has given their permission to receive such material. Firms who flout the law face a £5,000 ($9,100) fine for each breach.

However, this only covered individual e-mail accounts and not corporate ones.

Please visit the link provided for the complete story.

Related News Links
Slashdot
The Guardian
EU Privacy and Electronics Communication Directive

Virus/Worm News
The “Zafi” worm a.k.a “Erkez” is not really anything new. It is a mass-mailing worm that spreads via e-mail attachment and peer-to-peer networking. Zafi.B attempts to stop firewall and antivirus programs, and disables some Windows programs, "Task Manager" & "RegEdit." Because it is so prevalent and numbers of infections increasing, it has been given a medium threat level. Updated antivirus signatures will detect this worm.

"Plexus-B" - A variant of the "W32.Plexus.A" worm has appeared on the scene. It is rated ‘Medium’ because of its "blended threat' design and because it specifically attacks Kaspersky Labs' antivirus software. A "blended threat" uses multiple methods to spread itself; Plexus can spread via e-mail attachment, from computer-to-computer over the Internet, and via Peer-to-Peer file sharing application. It opens infected computer to outside control by installing a "backdoor." The worm prevents users of Kaspersky AV from getting updated signature files
Related News Links
Sophos
Symantec
TechTree
Related ATS discussion
www.abovetopsecret.com...

Microsoft concedes dial-up patch problem
Users need to do more about security prevention, but Microsoft admits that getting the latest update patch from the Web is not always easy for consumers connecting via dial-up

ZDnet
The length of time it takes to download Microsoft updates can be prohibitive, said Barley. This is particularly a problem for the 67 percent of the UK population connecting to the Net via dial-up -- a problem that has forced Microsoft to start issuing its patches on CD-ROMs.

"Getting [Microsoft Update] downloads over dial-up can be horrendous," admitted Nick Barley, director of marketing at Microsoft.

Downloads are also little help to users logging onto the Internet for the first time. Graham Cluley, a security consultant at Sophos, points out that an unprotected computer can be infected with the worm within 10 minutes of first connecting to the Internet.

Please visit the link provided for the complete story.

Everyone knows that keeping your computer up-to-date on software patches is essential to computer security. (You do know that, right?) Therein lies a problem. When you buy a new computer with Microsoft Windows installed as an operating system, which is likely given the percentage of the market owned by MS, or if you build a new computer and install your existing copy of Windows, the first thing you do is connect to the Internet and download your security patches. Even with a broadband connection such as cable or DSL this is going to take a while. Over a dial-up connection it could be hours. See the problem? If there is a good change that an automated scanning worm is going to find and exploit an un-patched flaw within the first few minutes there is a great likelihood that you are going to get infected before you finish the updates. Broadband users can add a hardware firewall to protect their connection, but without one they are in the same situation as analog modem users. Antivirus programs and software firewalls, if installed before connection to the Internet, can help even the odds, but often they require their own updates!

Microsoft is looking into a subscription-based system for distributing patches on CD-ROM in addition to its web-based patch delivery and "Windows Update" feature. Although specifics are scare, MS intends to incorporate major security features into its next operating system, Codename: "Longhorn," that will make this method of software patches obsolete. Windows XP Service Pack 2 will serve as a bridge between this new technology and current methods.
Related News Links
eNews
EnterpriseIT Planet
WindowsNetwork
Related ATS discussion
www.abovetopsecret.com...


[edit on 14-6-2004 by Banshee]




new topics
 
0

log in

join