Articles in Antivirus

Spam plague in February and more to come

(Mis Asia Writer, Network World) Global spam volume grows by 25 per cent. New research revealed a surge in spam levels in February 2010, with spam making up 89.4% of all e-mails.

Spam levels in Hong Kong reached 90.6% and virus activity in China was the highest in the world in February, according to Symantec's latest MessageLabs Intelligence Report. In Singapore, one out of every 319.2 e-mails contained a virus in a period when the total spam volume globally increased by about 25%.

In February, the most spammed industry, with a spam rate of 93.1%, was the engineering sector. Spam levels for the education sector were 90.8%, 89.3% for the chemical and pharmaceutical sector, 89.8% for IT services, 91.1% for retail, 87.6% for the public sector and 88.4% for finance.[...]

Security tips for large and small businesses

(Steven Andrés, PC World) Whether your business is a big fish or a small-fry home office, you can get hacked just the same, and the stakes are higher than a few canceled credit cards. Here are a few tips to protect your users and your networks - steps that even enterprise-class security specialists may slip up on.

Steps for small businesses and enterprise-class security specialists:
  1. Know Who Might Be Targeted - and How and Why
  2. Don't Take the Bait
  3. Use Unique Email Addresses to Keep Password Reset Emails at Bay
  4. Don't click on anything in email
  5. Patch Early, Patch Often
  6. Don't Let Bob Stop You From Running a Secure Network
  7. The P of P2P Is Personal, Not Business
  8. Nail Down Your Network
Read more by following the "full article" link.

America's 10 most wanted botnets

(Ellen Messmer, Network World) Botnet attacks are increasing, as cybercrime gangs use compromised computers to send spam, steal personal data, perpetrate click fraud and clobber Web sites in denial-of-service attacks. Ranked by size and strength, this article presents the 10 most damaging botnets in the U.S.

1. Zeus
Compromised U.S. computers: 3.6 million. Main crime use: The Zeus Trojan uses key-logging techniques to steal sensitive data such as user names, passwords, account numbers and credit card numbers.
2. Koobface
Compromised U.S. computers: 2.9 million. Main crime use: This malware spreads via social networking sites with faked messages or comments from "friends."
3. TidServ
Compromised U.S. computers: 1.5 million. Main crime use: This downloader Trojan spreads through spam e-mail, arriving as an attachment.[...]

Read more by following the "full article" link.

Spammers exploiting more news stories

(Lance Whitney, CNET News) "Bomb Blast." "Jackson is still alive: proof." "Obama cursed by Pope." These are just a few of the subjects used by cybercriminals last year to trick people into opening malware-infected e-mails.

Spam that uses the latest news headlines was just one of the hot trends last year in the world of cybercrime, according to McAfee's "Q4 Threats Report", released Tuesday. The latest threat assessment also noted a rise in "hacktivism," or politically motivated cyberattacks.

Though spam levels in the fourth quarter actually dropped by 24% from the third quarter, the daily volume of junk mail around the world still averaged 135.5 billion per day. To reach that level, spammers relied heavily on news stories, especially tragedies.



Defining and designing email security

(by hjkim, MailRadar Community) When most people think about email security, they think in terms of virus and spam protection. The typical questions are: 'How do I protect my users from viruses and spam?', 'What about phishing?', 'How are Trojans and other threats stopped?'. What is missing is a comprehensive, holistic approach to email security.

The above are some of the issues that a company needs to consider. However, there are many other issues that need to be addressed:

  1. Educating the employees and helping them understand how security affects their livelihood
  2. Reviewing physical security regularly
  3. Checking the network security
  4. Validating the administrators managing your email server
  5. Software security


Email security encompasses much more than just anti-virus and spam protection. The biggest threat does not occur outside of the company; most of the threats are within the company where information can be easily shared and hacked.


 
 

10 email scams to watch out for

(Debra Littlejohn Shinder, TechRepublic) If it seems like you’re getting hit with more email scams than ever, you’re right. Email scams have been with us since the Internet went commercial back in the early 1990s. But scammers have gotten more sophisticated, and some of the more recent email scams are harder to detect — unless you know what you’re looking for.

Let’s look at some of the email scams that are currently going around the Internet and how you (and your users) can recognize them and keep from being victimized by them:
  1. Fake Facebook “friend” messages
  2. Fake admin messages
  3. Fear-mongering messages
  4. Account cancellation scams
  5. Bogus holiday cards
  6. Phantom packages
  7. Threats from the government
  8. Census survey says…
  9. In Microsoft (or Apple or Dell or HP) we trust
  10. You’re a winner! [...]
View the original article and learn more about email scams by clicking on the "full article" link.

How to configure email antivirus scanners to block only when necessary

(Joel Snyder, TechTarget) Some email managers have asked for the ability to stop certain types of files from coming through the system. The premise is simple: some types of files are rarely legitimately sent. A good example would be a file with an extension of .BAT. Yes, IT people do occasionally and legitimately send .BAT files. But all of the non-IT people in an organization should not be getting .BAT files. And if they do get .BAT files, then they are probably getting into trouble with them.

This leads to a lot of antivirus configurations that delete certain body parts from email messages. Good products let you do this in three different ways:
  1. By the filename of the body part (such as *.mp3)
  2. By the MIME label (such as MIME type "audio/mpeg")
  3. By the fingerprint of the file as detected by the email gateway (such as "audio files").
A key consideration: The only reason to look at types of email body parts is to block them from entering your organization. Don't use these features to exempt certain types of data files from virus scanning. Remember: Computers are cheap, people are expensive, and (more importantly) attackers are constantly moving their attack vectors. Any attempt to optimize your antivirus configuration to speed performance is going to eventually compromise security.

Blocking certain types of files from entering via email is more of a business-by-business decision. Going one way or the other can't be classified as a best practice.

The 10 faces of computer malware

(Michael Kassner, TechRepublic) The complexity of today’s IT environment makes it easy for computer malware to exist, even flourish. Being informed about what’s out there is a good first step to avoid problems.

With all the different terms, definitions, and terminology, trying to figure out what’s what when it comes to computer malware can be difficult. To start things off, let’s define some key terms:
  1. Malware: Malicious software that’s specifically developed to infiltrate or cause damage to computer systems without the owners’ knowledge or permission.
  2. Malcode: Malicious programming code that’s introduced during the development stage of a software application and is commonly referred to as the malware’s payload.
  3. Anti-malware: Includes any program that combats malware, whether it’s real-time protection or detection and removal of existing malware. Anti-virus, anti-spyware applications and malware scanners are examples of anti-malware.

One important thing to remember about malware is that like its biological counterpart the number one goal is reproduction. Causing damage to a computer system, destroying data, or stealing sensitive information are all secondary objectives.

Is it even possible to reduce the harmful effect malware causes? Here are a few thoughts on the subject:
  1. Malware isn’t going away any time soon. Especially when it became evident that money, lots of money can be made from its use.
  2. Since all anti-malware applications are reactionary, they are destined to fail.
  3. Developers who create operating system and application software need to show zero tolerance for software vulnerabilities.
  4. Everyone who uses computers needs to take more ownership in learning how to react to the ever-changing malware environment.
  5. It cannot be stressed enough, please make sure to keep operating system and application software up to date.

How many firewalls do you need?

(Joel Snyder, Security Operations and Strategies) When you look at your firewalls and security policy, it's helpful to learn two new terms: "client-protecting" and "server-protecting." The reason we need these terms is that you configure your firewall very differently depending on whether you are protecting clients or servers. In fact, the configurations and requirements are so different, that you should consider having different firewalls for your servers and for your clients. That's not always the right answer, but it can simplify things dramatically, because you can focus on what you are protecting and where the vulnerabilities are.

When a firewall sits between the Internet and users browsing the Web, that constitutes "client-protecting." For example, if a user tries to go to a malware site, and the firewall blocks the malware from being downloaded, that's client-protecting behavior.

At the other end of the spectrum is "server-protecting," which means that the firewall is protecting your servers from attack or infection. For example, if someone tries a known SQL injection attack on your web server - whether it is vulnerable or not - and the firewall IPS blocks it, that's server protection.

The problem comes in when you are trying to mix client-protecting and server-protecting configurations in the same box. Some firewalls don't let you apply protections in different ways to different types of traffic. Sometimes it's just very confusing to keep straight whether the firewall is protecting clients or servers, because documentation and configuration tools are very commonly ambiguous about which direction things are flowing. And sometimes it's a cost question: when you pay subscription fees for services such as antivirus and intrusion prevention, it may be less expensive to pay for just what you want to protect on two smaller systems, rather than a single larger one that has to have every protection turned on for every user.

Making sense of basic unified threat management features

(Joel Snyder, TechTarget) If you've bought a firewall in the last 3 years, you've bought a UTM firewall: a device that will not only control traffic based on policy, but also one that has other built-in threat mitigation technologies, such as antivirus, intrusion prevention and content filtering. UTM features have been around for longer than that, but the market universally moved to UTM about 3 years ago for all but the biggest and smallest of devices. There are lots of reasons for this shift, including a desire to provide better security and adapt to current Internet threats.

However, one cynical reason for the shift to UTM should be kept in mind as you investigate your new (or old) firewall: UTM services are subscription services. Firewall vendors want to move their customers from a buy-once model to a recurring revenue model, where software updates, IPS rules, and antivirus/antimalware signatures add up to a steady trickle of revenue from each subscriber. This inherent conflict of interest means you need to evaluate what services you really want and need from your UTM firewall, so as to maximize the value of the subscription dollars you spend.

UTM firewalls are all over the map with additional security features that go beyond basic firewalling, but the three most common areas are antivirus/antimalware, intrusion prevention, and content filtering. Let's look at all three to see what makes the most sense for you. If you don't have a good feel for the terms "client-protecting" and "server-protecting," then you should review "How Many Firewalls Do I Need?" first.

Antivirus/Antimalware: Solid Secondary Protection

UTM firewalls are great secondary antivirus/antimalware protection in a client-protective environment. If you have desktop antimalware, then adding UTM antimalware (hopefully from a different antimalware vendor) will provide a good level of secondary protection.

The Top 5 Internal Security Threats

For years, the specter of viruses, Trojan horses and worms caused many a chief security officer to lose sleep. But it’s the enemy within that is now prompting IT staffers to ramp up security efforts. According to Forrester Research, the majority of security breaches involve internal employees, with some estimates as high as 85 percent.

Inadvertent employee error, laptop theft, contractors’ unauthorized access to information, disgruntled employees, password mismanagement – all of these factors can mean drastic revenue loss, legal liabilities, diminished productivity and brand erosion.

What are the top internal security threats – and how can you avoid them? Read on to find out.

E-mail Worms, Rarer in 2007

E-mail worms, not long ago the scourge of the Internet, have declined sharply in 2007, a security company has revealed. According to UTM security vendor Fortinet, the incidence of mass-mailing worms has declined by 5 percent each month since the start of the year, putting the once-feared worm well below other types of attack in terms of volume.

The figures come from the company's The State of Malware report for June 2007. Viruses, spyware and software exploits have remained roughly stable in volume throughout the same period, while Trojans have been climbing since February to represent the number one threat.

Much less common mobile, IM, Linux, and non-mailed Win32 worms have all shown marked declines, albeit from relatively low levels.

Legitimate sites serving up stealthy attacks

Thousands of legitimate Web sites are hosting an infection kit that evades detection by attempting to compromise each visitor only once and using a different file name each time, Web security firm Finjan warned on Monday.

The attack, dubbed the "Random JS toolkit" by the security firm, currently uses dozens of hosting servers and more than 10,000 legitimate domains to attempt to exploit the systems of visitors to the sites, the company said in an analysis posted to its Web site.

Tracking and detecting valid mailboxes through HTML emails

Back in the days when Windows 98 was the latest Microsoft operating system, HTML email messages accounted for a large number of infected Windows-based systems. Surprisingly, things have not changed much nowadays either. Accepting and displaying HTML email messages still pose a great deal of threats for email users, regardless of what operating system they are using, or if the latter is actually immune to an attack based on vulnerabilities of other systems.

To illustrate, here are some of the possible threats posed by the use of HTML messages, including, but not limited to, virus or other malware infections, which still account for a high degree of risk.

Protecting against the elusive Linux virus

Estimates vary, but generally it is believed that there are 100 to 500 Linux viruses out there. The tiny number of Linux viruses that do exist have never resulted in a significant outbreak. In comparison to the plethora of viruses and worms in Windows-based platforms, the volume of Linux viruses is insignificant. So this leads us to two questions: why are there so few Linux viruses and are Linux anti-virus tools necessary?

The answer to the first question has a lot to do with the differences between Linux and Windows desktops. Linux hosts are an unwelcoming environment for a virus because the multi-user access controlled model makes traditional virus propagation methods problematic.

Let's look at an example:

Virus attacks often start with the victim receiving an email containing a malicious attachment. If the user attempts to execute the attachment on a Windows platform, it will run if it has a suitable file extension, has appropriate executable content or is configured to be executed by association with a particular application. Even worse, some clever Windows-based viruses don't even require the user to execute the attachment. Viruses can be activated by merely reading the email containing them. As users of many Windows-based hosts, especially Windows XP, are also running with local administration rights, the virus may potentially infect and subvert the entire host.