Malware

Malware / Featured Blogs

The Ultimate Guide to Scareware Protection

Throughout the last two years, scareware (fake security software), quickly emerged as the single most profitable monetization strategy for cybercriminals to take advantage of. Due to the aggressive advertising practices applied by the cybercrime gangs, thousands of users fall victim to the scam on a daily basis, with the gangs themselves earning hundreds of thousands of dollars in the process. more»

SMS Ransomware Displays Persistent Inline Ads

SMS-based micro-payments are clearly becoming the monetization channel of choice for the majority of cybercriminals engaging in ransomware campaigns. The logic behind this emerging trend is fairly simple, and as everything else in the cybecrime underground these days, it has to do with efficiency. more»

Are Phishing and Malware Separate Threats?

Phishing is when bad guys try to impersonate a trusted organization, so they can steal your credentials. Typically they'll send you a fake e-mail that appears to be from a bank, with a link to a fake website that also looks like the bank. Malware offers another more insidious way to steal your credentials, by running unwanted code on your computer... I like VeriSign's characterization of this kind of malware as an insecure endpoint, the PC which is the endpoint of the conversation with the bank isn't actually under the control of the person who's using it. more»

Canadian Spam Law Update

As you may know, there are two laws currently being discussed in Canadian legislative assemblies: Senate Bill S-220, a private member’s bill with private right of action and criminal remedies; Parliamentary Bill C-27, tabled by the government, with private right of action, coordination between various enforcement agencies... more»

A Few More Thoughts on Email Authentication… errr… Trust

Mike Hammer's thoughtful article, A Few Thoughts on the Future of Email Authentication, should trigger thoughtfulness in the rest of us. Email abuse has been around a long time. Anti-abuse efforts have too. Yet global abuse traffic has grown into the 90+% range, with no hint of trending downward. The best we hear about current effectiveness is for last-hop filtering, if you have the money, staff and skills to apply to the problem... more»

Is It Time to Supplement Desktop Security Protections?

Internet users are acutely aware of their exposure on the Internet and clearly concerned about their safety. Increased downloads of scareware as Conficker made headlines in the mainstream media are only the latest evidence. Desktop software is often viewed as a one-stop shop for fighting Internet threats such as viruses, worms and other forms of malware and phishing. These solutions have served us well but more protections are needed to address the dynamic and increasingly sophisticated web based exploits being launched... more»

A Few Thoughts on the Future of Email Authentication

With the Online Trust Alliance Town Hall Meeting and Email Authentication Roundtable next week as well as the RSA Conference, I decided to pause and think about where we are and where we might be headed with regard to email authentication. Over the years, many of us have collectively worked to provide a framework for authenticating email... more»

Project GhostNet: Canada (and Google) Save the World from Cyber-Spying - Again!

While most people I know are at either VoiceCon or CTIA this week, this one is worth staying home for. Also, I'm sure all the Skype followers are focused today on the news about working with the iPhone -- and that IS a big story. However -- for very different reasons -- I'm sure you'll find this one of interest too. This was a front page story in today's Globe and Mail, and no doubt many other Canadian dailies... more»

Worming Our Way Out of Trouble

The Conficker worm will be active again on April 1st, according to an analysis of its most recent variant, Conficker.C, by the net security firm CA. This malicious piece of software, also known as Downup, Downadup and Kido, spreads among computers running most variants of the Windows operating system and turns them into nodes on a multi-million member ‘botnet’ of zombie computers that can be controlled remotely by the worm’s as yet unidentified authors. more»

Should We Make the Possession of Malware a Crime?

In the U.S., it is a federal crime to use malware to intentionally cause "damage without authorization" to a computer that is used in a manner that affects interstate or foreign commerce. Most, if not all, U.S. states outlaw the use of malware to cause damage, as do many countries. The Council of Europe's Convention on Cybercrime, which the United States ratified a few years ago, has a provision concerning the possession of malware. Article 6(1)(b) of the Convention requires parties to the treaty to criminalize the possession of malware "with intent that it be used for the purpose of committing" a crime involving damage to a computer or data... more»