This month’s Lavasoft News is all about a safer environment. We’re bringing you the latest news on securing your computing environment from online threats, but we’re also focusing on how we can all do our part to make sure that the technology-centered world we live in leaves a less harmful impact on our surroundings.

Find out about the negative effects of technology growth on the environment, and how you can do your part in cleaning up the mounting waste problems brought on by our digital lives. Don’t miss the scoop on the Lavasoft tree planting challenge in our “Green Computing” article.

Also in this issue, stay up-to-date on spyware and malware news with a threat forecast from the experts at Lavasoft, an update on a Vista compatible version of Ad-Aware 2007, and a look at what the “Operation Bot Roast” botnet clean-up project means for the future.

Read a few of last month’s Letters to the Editor. If you want to comment on an article you see in LN or have an idea for a story, write to editor@lavasoft.com.

Green Computing and the Lavasoft Challenge
As computers become intertwined with our daily lives, the negative environmental impact of our reliance on gadgets is rising. Get eco-friendly computing tips you can put to use today, and find out how Lavasoft is challenging you to help make a difference.

 Read more

Spyware and Malware Threats Forecast
What are the latest Internet security threats and what does Lavasoft expect to see in the coming months? Find out what to look out for now and in the future.

 Read more

Transitioning to Windows Vista
Read the latest news on the migration to Microsoft’s Vista operating system and how Lavasoft is responding to our users’ needs with a Vista compatible version of Ad-Aware 2007.

 Read more

U.S. Steps Up Fight Against Botnets and Spam
Law enforcement officials throughout the world are taking notice of the growing threats posed by cyber crime groups. A national initiative and ongoing investigations in the U.S. aim to disrupt the Internet’s large-scale botnet problems, along with a renewed vow to clean up spam activities.

 Read more

The Most Famous (or Infamous) Viruses and Worms of All Time eWeek
Take a look back with eWeek’s slideshow of the most notorious viruses and worms ever seen.

 Read more

Security Shorts
Lavasoft News has compiled a list of "security shorts" - summaries of other online security stories making news around the world this past month.

 Read more

New Targets in Detection (July 2007)
Protect your privacy with a complete list of new targets for July 2007.

 Read more

Lavasoft Blog
If you want to go behind the walls of Lavasoft, hear what we are up to, what we are thinking and what is happening in the industry, the Lavasoft Company Blog is the place to go for regular, up-to-date information.

 Read more

Lavasoft Personal Firewall Review
It is clear more than ever before that having a first-rate firewall in addition to anti-spyware and anti-virus software is the ideal way for computer users to keep sensitive information safe. A recent review of Lavasoft’s Personal Firewall earned the software a top place in an analysis of over 35 personal firewall products.

 Read more

To get all news on one, printable page, click here

Home  

Green Computing and the Lavasoft Challenge

When it comes to a safe computing environment, there is more to consider than online security and privacy issues. Today’s society is interconnected with computers, at home and at the office, at work and at play; as our modern lives go increasingly digital, there has been a significant impact on the environment.

“Our growing dependence on electronics products both at home and in the workplace has given rise to a new environmental challenge: electronic waste,” according to Earth 911. Electronic waste, or e-waste, is said to be growing at three times the rate of other waste produced by cities, the organization reports.

And that’s not the only issue brought on by our love of computing. Energy consumption and paper product waste are other environmental challenges produced by computer use.

How can you help to alleviate the environmental impact of your gadget use? You can work on practicing “green computing” - operating online in an environmentally responsible way. This can be a goal for both home PC users and corporations.

You may already know that Lavasoft is a socially conscious company. We are dedicated to creating positive change in the spyware industry, but we also focus on charity efforts like we have with local youth programs in Sweden, such as Friends (a non-profit organization that takes a stand against bullying) and BRIS (an NGO working for children’s rights in society).

As part of this effort to make a difference, we actively search for other like-minded socially conscious companies. GreenPrint Technologies is one such company. Not only does GreenPrint software save computer users time and money, and ultimately has a positive impact on the environment by saving trees, but the company also goes a step further.

As a member of “1% for the Planet,” GreenPrint plans to donate at least one percent of their sales to tree-planting efforts through their environmental partners and, according to their “Million Tree March” campaign, they will plant a tree for every copy of GreenPrint sold through their website before March 31, 2008.

Lavasoft is now adding to their tree planting effort with our own challenge to get you involved in improving the environment – for every GreenPrint product purchased by a Lavasoft customer, two trees will be planted!

To give you a little perspective on how that contribution helps the environment, according to the USDA Forest Service, a single tree generates $31,250 (U.S.) worth of oxygen, provides $62,000 worth of air pollution control, recycles $37,500 worth of water, and controls $31,250 worth of soil erosion, over a 50-year life span.

The tree planting project is coordinated by American Forests, an organization that plants native trees in ecosystem restoration projects across the United States and around the world, and by Sustainable Harvest International (SHI), a group committed to long-term sustainable development in Central American farming communities where the trees are planted. You can read more about projects led by these organizations at www.americanforests.org and www.sustainableharvest.org.

Stay tuned for the results of the Lavasoft challenge in the next LN. In the meantime, take a look below at a few simple “green computing” tips you can put to use today.

• Save resources by turning your computer off when it’s not being used. Instead of leaving your PC on 24 hours a day, use “sleep mode” or turn the computer off fully when you’re not using it in order to save energy. This will also help monitor equipment run cooler and last longer.
• Consider buying energy efficient computers and electronic products. According to Energy Star, an international standard for energy efficient electronic equipment, Energy Star compliant home electronics products will consume around 75 percent less energy in standby mode than standard products.
• Watch paper print-out consumption. GreenPrint stats show that in 2004 the United States alone used 8 million tons of office paper - the equivalent of 178 million trees! Print pages only when necessary, and try to avoid printing unwanted, excess pages.
• Recycle your old PC. As much as 50 million metric tons of e-waste is generated annually, as people upgrade laptops and PCs and throw out old models, according to a 2005 United Nations report cited by Reuters. PCs and computer parts set out in the regular trash can end up in landfills, where they will release lead, mercury and other toxins into the environment.
• Use the web as a resource for finding other ways to “go green” in your daily life. For a starting point, read CNET’s article “Green Tech” to find out more on living with green technology.

Home  

Spyware and Malware Threats Forecast

Internet security forecasts can lead us to believe that we are in for some stormy online weather. But being aware of and prepared for dangerous Web conditions may help you to stay safe online.

The experts at Lavasoft have put together a round-up of the top threats that we have been seeing, and unfortunately expect to see more of in the future. From rootkits to various identity theft attempt techniques, our top five threats list will help you to know what to be on the lookout for.

Threat #1: Rootkits
The first on our list of suspects are dangerous because they can hide malware. Rootkits are programs that fraudulently gain or maintain administrator level access that may also execute in a manner that prevents detection. They are extremely stealthy in nature, ranking higher than program kernels. One famous example from this past year was the Sony rootkit fiasco with a recent lawsuit settlement of $750,000 U.S. Other recent examples of malicious rootkits out there include Hack Defender, Apropos adware with rootkit, and Wareout (also known as Zlob Trojans).

Threat #2: Fake Codecs
Fake codecs, also known as Zlob/Smitfraud Trojans (just one of many Trojan techniques), are malware that lures computer users into downloading files that infect their PCs. They masquerade as codecs required to view online videos, then install a fake anti-spyware program which finds fake malware on the system; this is done to lure victims into buying the rogue anti-spyware program. Other victims have received fake e-greetings or instant messages from friends.

Threat #3: IM Vulnerabilities and Attacks
There is no debate about it: instant message-based attacks are on the rise, for AIM, Yahoo, Messenger, and more. Security vendor Akonix Systems recently cited a 73 percent increase in IM threats so far this year. These attacks rely on social engineering to spread malicious code; a link that appears to be from a known contact is sent. Because many people are not informed about threats coming in through this venue – only 3 percent of those polled in a Lavasoft survey were concerned with IM threats – these attacks are succeeding.

Threat #4: Exploits in Windows, Browsers, and Legitimate Software Applications
In 2006 hackers kicked off the year by releasing zero-day attack code based on a flaw in the way Internet Explorer handled WMF (Windows Meta File) documents. These were followed later in the year by a rash of targeted attacks that exploited un-patched flaws in Microsoft’s Office software (most recently in Microsoft Word in November 2006). This security hole has been patched, but hackers constantly push through to find new flaws to exploit.

Threat #5: Phishing & Identity Theft Attempts
The methods that malware can use as an attack vector, in order to find a way in to your computer and steal private sensitive information, are varied and wide-ranging. This list can include phishing attacks, banking Trojans, password stealers, and downloading Trojans. A key mitigating factor of staying clear of these types of threats is user accountability and education.

Home  

Transitioning to Windows Vista

In the IT industry, it’s all about the saying “out with the old and in with the new”. At least that seems to be the case with “the old” Windows XP operating system, which is being phased out in favor of Microsoft’s years-in-the-making Vista operating system.

Following Vista’s release to consumers in the end of January, the PC industry began moving sales to consumers, and some businesses, over to Vista. With its security and productivity features, many users quickly opted to migrate to Windows Vista, either on new systems or by upgrading on existing PCs.

Even with some demand for computers that come pre-loaded with XP, by customers resistant to Vista, computer makers have been told that Windows XP OEM will no longer be available by the end of the year, reports say.  By the beginning of 2008, Microsoft's contracts with computer makers will dictate that companies only sell Vista-loaded machines, according to an article in APC Magazine.

While Dell, Hewlett-Packard and some others still offer XP to small business customers, consumers are going to find themselves phased out of Windows XP.

“Though it’s very early in the product lifecycle, we’re pleased with the market response to date for Windows Vista,” said a Microsoft statement in a May CNET News.com article. “We’re looking forward to continued growth and broad adoption of Windows Vista around the world.”

Still, the changeover will not be happening overnight. An analyst at IDC expects that it will take about five years for Vista to be installed on the vast majority of computers, which is the time it took for XP to reach 84 percent of PCs, according to a recent CNN article.

What does the transition to Vista mean for consumers? In terms of security, Vista has been pegged by Windows as their most secure operating system yet, but has been under the scrutiny of many in the security industry even before it hit the market.

A certainty for PC users is that all operating systems have vulnerabilities, and the trend of malware writers to target widely used Microsoft applications and services highlights the need not only to keep your system patched, but to use third party software as an additional security measure.

In order to support your need to control what products secure your computer and protect your privacy, Lavasoft is planning to deliver a Vista compatible version (32-bit) of Ad-Aware 2007 in the end of August.

Vista compatibility is an important issue for many of our users. Lavasoft has been working with due diligence towards a Vista compatible version of Ad-Aware according to Microsoft standards, not our own interpretation of the Vista requirements. As part of this process, a Lavasoft development team made the trip from Gothenburg, Sweden to Microsoft headquarters in Washington, USA in June in order to discuss Vista compatibility issues.

According to Lavasoft developers, the team had positive and effective meetings with Microsoft representatives at the Platform Adoption Center of Microsoft’s Redmond campus.

“We have opened up important lines of communication with Microsoft, and have established the next steps that need to be taken in order to ensure a Vista compatible version early this fall,” says Odd Stranne, project leader and software developer at Lavasoft.

Since the new Ad-Aware 2007 product has been built with the capability to immediately distribute version updates and patches, all Ad-Aware users with a valid license will immediately receive the Vista compatible update when it is available.

Home  

U.S. Steps Up Fight Against Botnets and Spam

The United States has been leading the way in fighting spam and botnet related activities in the past months through a team effort by law enforcement agencies aimed at prosecuting criminals and creating public awareness.

Botnets, networks of zombie computers under the control of so-called “bot herders,” are a ballooning threat to individual PC users’ security, the economy, and even national security, according to the U.S. Federal Bureau of Investigation (FBI).

Following an announcement of progress with its ”Operation Bot Roast” cyber crime project, the FBI has promised more steps forward in terms of prosecutions for spam and botnet related activities in the coming months.

At the recent U.S. Federal Trade Commission’s Spam Summit in Washington, DC, USA, the FBI revealed that it has 70 active investigations into spam-related crimes, according to IDG News Service.

The FBI is collaborating with the National Cyber-Forensics and Training Alliance (NCFTA), a partnership between law enforcement agencies, universities and private businesses, in order to identity spammers, according to FBI special agent J. Keith Mularski. "If we don't address it together, it's only going to get worse," said Mularski, according to IDG.

And the investigations go beyond the borders of the U.S. Greg Crabb of the U.S. Postal Service’s international affairs group, reported working with Interpol and international law enforcement offices from over a dozen countries on an investigation called “Operation Gold Phish,” according to an IT News article.

Since its launch in 2002, the NCFTA has identified over 100 "significant spammers," including five that have been linked to traditional organized crime, Mularski said.

A special operation to fight botnets has also paid off with high results. The FBI and U.S. Department of Justice launched Operation Bot Roast with an aim to battle the growing botnet threat and to bolster awareness on Internet security.

In June, the FBI reported that its Operation Bot Roast had identified over one million victim computer IP addresses being used in criminal activity.

The FBI has also charged numerous individuals with cyber crimes throughout the U.S. as a direct result of the coordinated investigation; the FBI has reported the arrest of three men accused of using an army of hijacked computers for spam related crime.

While this investigation is the largest to date, there is still a fight ahead in terms of controlling networks of zombie computers.

User awareness and education is one key aspect of the battle. “The majority of the victims are not even aware that their computers have been compromised or their personal information exploited,” said FBI Assistant Director James Finch, head of the FBI’s Cyber Division.

Another struggle that lies ahead is continuing to work across borders to tackle cyber-crime. The FBI’s investigation mainly targeted American bot herders and cyber crime victims, but to get to the root of the problem, it will take stronger law enforcement in more countries, as well as a joint effort between nations.

A "massive challenge" that remains in tracking down spammers and enforcing anti-spam rules is coordinating international investigations, said Robert Shaw, head of the cyber security arm of the International Telecommunication Union, a United Nations agency made up of representatives from 91 nations, according to CNET.

"Even people who are experts at working in this space say they still have a really hard problem finding their counterparts in other countries and getting things done in real time," Shaw said.

Home  

Security Shorts

Italy Takes on Phishers
Authorities in Italy have arrested 26 people for an alleged scam to swindle bank customers. According to reports, the phishing scam used phoney e-mails that appeared to come from Italy’s postal operator, Poste Italiane, which also offers bank accounts, insurance and loans. The scam e-mails conned recipients into giving out personal financial details, in order to gain access to the victims’ bank accounts.

Read more

PDF Image Spam Threat
While the volume of image spam is decreasing, this spam threat does not seem to be going away anytime soon. There has been an increase in new spam techniques that reference spam images in different ways, according to reports from Symantec. Image spam, spam that uses a graphic in or attached to an e-mail, has begun a new trend – using PDF files in an attempt to scam computer users.

Read more

Scam Sites Built in Seconds
A new phishing tool allows scam sites to be built easily and quickly, further complicating phishing threats. RSA Security Inc. has identified code that installs a phishing site on a compromised server in about 2 seconds, according to reports. With the use of these phishing kits, cyber criminals are able to further automate the methods they use to hijack servers and propagate their scams.

Read more

iPhone Fraud Schemes
The buzz surrounding the release of Apple’s newest gadget, the iPhone, has led to spam, phishing, and other scam attempts by cyber criminals looking to take advantage of the product’s popularity. According to reports, a new botnet emerged in mid July that presents infected computer users with a fraudulent web page selling iPhones, in an attempt to steal financial information.

Read more

Browser Bug Blame Game
An unusual bug has had security researchers debating who is to blame – Microsoft or Mozilla? A security researcher identified a bug that could be attacked in Internet Explorer, yet Mozilla Corp. said it plans to issue a patch. The problem, according to reports, is with a URL protocol handler component of IE, which allows IE users to launch applications like Excel or Firefox by clicking web page links; even though the flaw affects IE users, it looks to be a risk only to those who have Firefox installed.

Read more

Home