, D.C.—The U.S. departments of Commerce and Homeland Security (DHS) today discussed with other federal agencies and private-sector leaders in the information technology industry the need to create a voluntary industry code of conduct to address the detection and mitigation of botnets. Botnets are collections of computers that are secretly infected with malware and then remotely controlled by spammers, hackers or criminals.
At an invitational meeting hosted by the Center for Strategic and International Studies (CSIS), IT, policy and other leaders met to brainstorm ideas about ways to fight the growing problem of botnets, including notification of consumers that their computers have been infected with botnet control software.
“Improving cybersecurity requires a combination of efforts in which everyone has a role to play,” White House Cybersecurity Coordinator Howard Schmidt said in his keynote address. “By working together to achieve better security, we can make the improvements needed that will ensure the security and resilience we need to prosper as a nation.”
On September 21, the departments of Commerce and Homeland Security issued a request for information through the Federal Register for individuals and organizations to share ideas about the requirements of and possible approaches to creating a voluntary code of conduct to address the detection, notification and mitigation of botnets.
At the CSIS event, keynote talks by senior officials were followed by a panel session featuring representatives from the Federal Communications Commission, U.S. Internet Service Provider Association, DHS, National Institute of Standards and Technology and StopBadware. The discussion centered on how Internet Service Providers and other organizations can detect botnet activity and promptly notify consumers that their computers have been compromised.
Over the past several years, botnets have increasingly put computer owners at risk. Researchers estimate that about 4 million new botnet infections occur each month. When a computer is infected by a botnet, the computer user’s personal information and communications can be monitored and that consumer’s computing power and Internet access can be exploited. Networks of these compromised computers are often used to disseminate spam, to store and transfer illegal content, and to attack the servers of government and private entities with massive, distributed denial of service attacks.
“Today’s discussion of building a code of conduct around botnet detection, notification and mitigation highlights the importance of maintaining a trusted and secure Internet and the potential of multi-stakeholder efforts,” Cameron Kerry, Commerce general counsel and chair of the department’s Internet Policy Task Force, said. “In a world where commerce and trade operate on exchange of digital information, security and privacy are two sides of the same coin, and this coin is essential currency.”
The public may submit comments in response to the Commerce/DHS Federal Register Request for Information about botnet mitigation on or before 5 p.m., November 4, 2011. For further information, contact Jon Boyens at jon.boyens@nist.gov.
Additional Comments on the need to address botnets
U.S. Senator John D. (Jay) Rockefeller IV, Chairman, Committee on Commerce, Science, and Transportation:
“The Administration’s action today is a good step toward implementing an industry-wide code for Internet providers to inform their customers when a computer virus is detected. Internet providers in other countries are already providing alerts and warnings to compromised consumers as well as offering free mitigation tools. I commend companies like Comcast, which are already following this same model by deploying technologies to protect their customers from online threats. This kind of private sector leadership is a cornerstone in my cybersecurity bill with Senator Snowe. In order to make cyberspace safe in the 21st century, it is critical that other U.S. companies follow suit.”
U.S. Senator Barbara Mikulski, Chairwoman, Senate Appropriations Subcommittee on Commerce, Justice, Science, and Related Agencies:
“The Internet has created virtual doors into our lives, finances, businesses and national security. Cyber spies, thieves and thugs are constantly testing the doorknobs, looking for a way in. American consumers have lost billions to cyber crime–which include botnet schemes and scams, and cyber criminals who continue to target the safety and security of our nation. These attacks demonstrate the growing sophistication of their hacking capabilities. Even as we make progress in the fight to stop these thugs, the government cannot afford to go it alone as cyber criminals continue to adjust their tactics. That’s why I am glad the Administration is tapping into American ingenuity and partnering with the private sector to combat these persistent threats to our infrastructure and beat back cyber thieves.”
M86 Security bi-annual report focuses on second half of 2010 cyber threats and key trends; more complex Trojans and next generation malware on the way, social network attacks continue to increase
Orange, Calif. – February 14, 2011 – Frustrated email users may have noticed a significant drop in spam in recent months, but cybercriminals are gaining ground with creative new phishing methods and making exploit kits more robust, according to the latest Security Labs Report from M86 Security, the global expert in real-time Web and email threat protection, which was released today.
Investigating the cyber threat trends in the second half of 2010 for its bi-annual report, M86 Security Labs analyzed spam, phishing, and malware activity, and tracked global Internet security trends. Millions of email messages, infected Web pages and malware samples were reviewed and then correlated with their own Web exploit and vulnerability research, providing M86 with a unique vantage point to report on these trends.
“What is especially noteworthy is that our findings demonstrate that vulnerabilities already patched are continuing to be successfully used for malicious gain. Organizations and individuals must get better at updating their applications and staying ahead of attacks on their devices and their networks,” said Bradley Anstis, vice president of technical strategy, M86 Security. “While the M86 Security Labs report notes that great strides are being made in thwarting cyber-criminal attempts, there is always something else coming through the back door.”
Key findings by the M86 Security Labs for the second half of 2010:
Email Spam is Declining, though Far from Dead: According to the M86 Security Labs research, spam volume has slowed considerably, down to one-third the level at year end when compared to June 2010. Using the M86 Security Labs Spam Volume Index, which tracks changes in the volume of spam received by representative domains, the research shows that spam reduction was affected by botnet disruptions and the closure of a popular affiliate program. This is the lowest since November 2008, when the rogue hosting provider McColo was taken offline.
Botnet Take-downs and Spamit.com Closure: Notably, Spamit.com, an underground affiliate program used by several spamming botnets, was shut down in late September 2010. Spamit.com was linked to Glavmed and the “Canadian Pharmacy” brand of bogus online pharmacies. The Rustock botnet was most affected, with its spam output drastically reduced. However, plenty of other botnets moved up to take its place, and trends in this threat category will continue to be monitored for changes and increases. Other spamming categories in the top four include those for replica watches, fake diplomas and cheap watches. In August, notorious spammer/botnet, Pushdo/Cutwail, was taken down, resulting in a significant spam volume decrease due to a coordinated takedown attempt by security researchers. According to Anstis, such efforts are typically short lived, with the botnets returning to their normal activities. Another well-known botnet, Mega-D, has been taken down multiple times since 2008, only to return. In November 2010, the FBI identified and apprehended Oleg Nikolaenko, a Russian behind the botnet. The botnet since has generated less than 5 percent spam by volume. M86 Labs analysts point to the continuing need to go after and prosecute botnet operators for more long-term impact on spam operations and volumes.
Third-Party Phishing on the Rise: The good news about phishing is that such practices delivered via email are declining dramatically as users are becoming more aware of fake e-mails claiming to be from banking institutions. The bad news: cyber-thieves have found more effective means of stealing bank information from users visiting legitimate banking websites. Malware, including Trojans like SpyEye and ZeuS, are increasingly popular methods for criminals to make off with personal and financial information.
Additionally, attacks posing as third-party agencies such as the IRS and the New Zealand Department of Inland Revenue are being used to phish for a user’s bank account information under the guise of receiving bogus tax refunds. This makes it easier for thieves to obtain information from unsuspecting users by providing multiple options to the user to select the bank of their choice, thus eliminating the guessing game typically played to determine where a user conducts their banking. UK banking customers have been similarly affected, receiving a falsified email purporting to be from HM Revenue and Customs with the same legitimate looking page with options for all banks in that specific region.
Exploit Kits with Virus Scanners, Social Network Attacks Increase: As previously reported by M86 Security, the popularity of exploit kits is on the rise. The newest trend is that more kits are offering services to their customers thus becoming more of a “one-stop shop.” The scanning module in the Siberia Exploit kit and Neosploit’s new Malware-as-a-Service offering are just a couple of significant examples signaling a shift in exploit kit capabilities.
While traditional forms of spamming via email are down, spam techniques using such social networking sites as Twitter, Facebook and LinkedIn, continue to expand. The LinkedIn scam has a legitimate look and feel, inviting users to connect with others in their “network,” only to be connected with the Phoenix exploit kit infection page, which tries to exploit the victims’ computer through various vulnerabilities. The M86 Security Labs report also tracks the top 10 exploit kits being used worldwide.
To download the complete version of the latest M86 Security Labs Report, please go to http://m86.it/2h2010
About M86 Security Labs
M86 Security Labs is a group of security analysts specializing in Email and Web threats, from spam to malware. They continuously monitor and respond to Internet security threats. The Security Labs’ primary purpose is to provide a value-added service to M86 customers as part of product maintenance and support. This service includes frequent updates to M86’s unique, proprietary anti-spam technology, SpamCensor, as well as Web threat and vulnerability updates to the M86 Secure Web Gateway products. The updates allow M86 customers to proactively detect and block new and emerging exploits, threats and malware.
Data and analysis from M86 Security Labs is continuously updated and always accessible online at http://www.m86security.com/labs and on Twitter at http://twitter.com/m86labs
About M86 Security
M86 Security is the global expert in real-time threat protection and the industry’s leading Secure Web Gateway provider. The company’s appliance, software, and Software as a Service (SaaS) solutions for Web and email security protect more than 24,000 customers and over 17 million users worldwide. M86 products use patented real-time code analysis and behavior-based malware detection technologies as well as threat intelligence from M86 Security Labs to protect networks against new and advanced threats, secure confidential information, and ensure regulatory compliance. The company is based in Orange, California with international headquarters in London and development centers in California, Israel, and New Zealand. For more information about M86 Security, please visit: www.m86security.com.
Here’s an interesting connection between 2 of the different worlds that I function within. Using people’s interest in games as bait for phishing.
StarCraft II accounts being targeted in phishing scam – Video Games Reviews, Cheats | Geek.com.
Is nothing sacred? Obviously not in the world of spam and phish.
