TrustSphere says its TrustVault product helps crucial emails get through–even in the midst of a denial of service attack–by correctly identifying trusted senders.

As annoying as spam is, an overactive spam filter is almost worse when it prevents important messages from getting through.

A company called TrustSphere says the TrustVault product it introduced this week can act as a counterweight to the spam filter, using a type of “social graph” to identify trusted senders and allow their messages to get through–even in the midst of a crisis such as a distributed denial of service attack on an executive’s email account.

“Inside the organization, we’re effectively mapping who’s speaking to whom and turning that into an enterprise social graph,” Manish Goel, CEO of TrustSphere, said in an interview. “We’re tracking who’s speaking with whom and how often–what’s the cadence of communication.” In that way, TrustVault can identify the trustworthy senders and allow their messages to go through, even if they would otherwise be blocked by a spam filter.

So far, this social graph is based entirely on the exchange of email, although TrustSphere is working on ways of integrating social media and voice over Internet protocol communications for a more complete picture, Goel said. But TrustSphere is applying elements of social networking theory such as Dunbar’s number, anthropologist Robin Dunbar’s concept that humans can only track a limited number of relationships, often theorized as about 150, and rely on “circles of trust” for more extended relationships. In this way, TrustSphere models trustworthy connections at the organizational level, as well as at the individual level. TrustVault is also linked to a related service, TrustCloud, which tracks the reputation of email accounts across the Internet.

TrustSphere doesn’t filter the content of the messages at all, looking only at the pattern of communication and touching only the email header fields, Goel said. The service does detect email authentication methods, such as the use of Sender Policy Framework tagging, but it’s counted as an indicator of trustworthiness rather than a final verdict, he said.

Messages cleared by TrustVault can still go through anti-virus and spyware scans, and even previously trusted senders can be screened out if they start exhibiting suspicious behavior, Goel said. But sometimes letting the right messages through can be as important as keeping the wrong ones out. For example, corporations targeted by activists or hactivists sometimes have the email accounts of top executives rendered useless when they are flooded by messages sent by angry consumers or generated by bots. With TrustVault, the messages from known senders could be delivered to the executive being targeted, while all the rest would be routed for review by an administrative assistant.
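The approach described above (a graph of who writes to whom, how often, and whether anyone writes back, with SPF treated as one indicator rather than a verdict, and previously trusted senders demoted when their behaviour changes) can be sketched in a few dozen lines. The following is an added illustration written for this digest, not TrustSphere's code; the internal domain, the header-derived log records and the scoring weights are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

# Assumed name of the organisation whose mail flow is being modelled.
INTERNAL_DOMAIN = "corp.example"

# Constructed sample of header-derived records: (From, To, Date, SPF result).
# Only header fields are used, never message bodies, as the article describes.
SAMPLE_LOG = [
    ("alice@partner.example", "ceo@corp.example", "2011-10-03T09:00:00", "pass"),
    ("ceo@corp.example", "alice@partner.example", "2011-10-03T11:30:00", "pass"),
    ("alice@partner.example", "ceo@corp.example", "2011-10-10T09:05:00", "pass"),
    ("alice@partner.example", "cfo@corp.example", "2011-10-12T14:00:00", "pass"),
    ("cfo@corp.example", "alice@partner.example", "2011-10-12T15:00:00", "pass"),
    ("alice@partner.example", "ceo@corp.example", "2011-10-17T09:00:00", "pass"),
    # bob: three messages in two minutes, no replies, no SPF record published
    ("bob@unknown.example", "ceo@corp.example", "2011-10-20T02:00:00", "none"),
    ("bob@unknown.example", "ceo@corp.example", "2011-10-20T02:01:00", "none"),
    ("bob@unknown.example", "ceo@corp.example", "2011-10-20T02:02:00", "none"),
    # mallory: claims a domain whose SPF policy rejects the sending host
    ("mallory@spoof.example", "ceo@corp.example", "2011-10-21T10:00:00", "fail"),
]


def domain(addr):
    return addr.rsplit("@", 1)[-1].lower()


def build_graph(log):
    """Directed edge list: (sender, recipient) -> [(timestamp, spf_result), ...]."""
    edges = defaultdict(list)
    for sender, recipient, when, spf in log:
        edges[(sender.lower(), recipient.lower())].append(
            (datetime.fromisoformat(when), spf.lower()))
    return edges


def sender_profile(edges, sender):
    """Summarise one external sender's relationship with the organisation."""
    sent, replies = [], 0
    for (src, dst), msgs in edges.items():
        if src == sender and domain(dst) == INTERNAL_DOMAIN:
            sent.extend((dst, ts, spf) for ts, spf in msgs)
        elif dst == sender and domain(src) == INTERNAL_DOMAIN:
            replies += len(msgs)            # someone inside wrote back
    times = sorted(ts for _, ts, _ in sent)
    gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    return {
        "messages": len(sent),
        "recipients": len({dst for dst, _, _ in sent}),
        "replies": replies,
        "span_days": (times[-1] - times[0]).days if times else 0,
        "median_gap_s": median(gaps) if gaps else None,
        "spf_pass": sum(1 for _, _, s in sent if s == "pass"),
        "spf_fail": sum(1 for _, _, s in sent if s == "fail"),
    }


def trust_score(p):
    """Additive score; the weights are illustrative assumptions, not TrustSphere's."""
    score = 0
    if p["replies"] > 0:
        score += 2                          # reciprocity is the strongest signal
    if p["span_days"] >= 14:
        score += 1                          # sustained relationship, not a one-off
    if p["recipients"] >= 2:
        score += 1                          # known to more than one person inside
    if p["messages"] and p["spf_pass"] == p["messages"]:
        score += 1                          # SPF pass: an indicator, not a verdict
    if p["spf_fail"]:
        score -= 3                          # SPF fail weighs heavily but is not a veto
    if p["messages"] >= 3 and p["median_gap_s"] is not None and p["median_gap_s"] < 3600:
        score -= 2                          # burst cadence: flood-like behaviour
    return score


def trusted_senders(log, threshold=3):
    """External senders whose score clears the allow-list threshold."""
    edges = build_graph(log)
    external = {src for src, _ in edges if domain(src) != INTERNAL_DOMAIN}
    return sorted(s for s in external
                  if trust_score(sender_profile(edges, s)) >= threshold)


if __name__ == "__main__":
    edges = build_graph(SAMPLE_LOG)
    for s in sorted({src for src, _ in edges if domain(src) != INTERNAL_DOMAIN}):
        print(f"{s:24} score={trust_score(sender_profile(edges, s)):3}")
    print("allow-listed:", trusted_senders(SAMPLE_LOG))
```

On the constructed log only alice clears the threshold: two people inside have replied to her over a two-week span and every message passed SPF. bob's burst of three messages in two minutes is penalised even though nothing about him is individually malicious, which is the "flood" case the article describes, and mallory's SPF failure drags her score below zero without being an automatic block. A real deployment would recompute the profile continuously so that a formerly trusted sender whose cadence suddenly turns flood-like loses the allow-list entry.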

One of the company’s oldest customers, the doctors.net.uk social network for physicians in the U.K., has been using a version of the same technology to allow email that uses words like “Viagra” or “penis” to get past spam filters when those words are used in a legitimate medical context, rather than for spam or pornographic promotions, Goel said.

“This also allows you to turn up the threshold on the aggressiveness of your spam filters without missing messages,” Goel said. “I liken this to why cars have brakes–to allow you to go faster. Spam filtering is very much focused on identifying the bad guys. We’re using the good and the bad to improve the overall security infrastructure.”

Founded in Singapore, TrustSphere is just now bringing its product to the U.S. market.

Source: http://www.informationweek.com/thebrainyard/news/email/232901586

The Koobface botnet, well known for using pay-per-install and pay-per-click schemes to earn large sums for its operators, has recently been upgraded with a sophisticated traffic direction system (TDS). The TDS controls all traffic related to affiliate websites, report security researchers at the security firm Trend Micro.

The TDS forwards traffic to a variety of other locations and earns the crooks substantial sums by steering visitors to specific sites.

With Google becoming stricter about the automated creation of fake e-mail accounts by spammers, the cyber criminals have turned to Yahoo Mail to accomplish that task.

As soon as the e-mail accounts have been created, countless further accounts are created on social networking and blogging sites such as FC2, Tumblr, FriendFeed, Twitter, livedoor, So-net, and Blogger.

Next, images are gathered by a new binary component, which collects pictures of celebrities, cars and anything else that might attract unsuspecting users.

In the final stage, the botnet generates blog posts: one malware component creates the blog accounts, while others retrieve the post content stored on the proxy command-and-control (C&C) server.

These posts are uploaded automatically to the intended platforms. Each post consists of links, images and keywords, which help raise the posts’ search engine optimization (SEO) ranking, together with obfuscated JavaScript that hides the reference to the botnet’s TDS domain.

As a result, the TDS can track visits to each blog post and redirect visitors to the botnet’s affiliate sites. The botnet earns money both from the clicks victims make while reading the blog posts and from the traffic the TDS directs to the chosen final landing sites.

To drive still more traffic to the malicious blog posts, the Koobface gang also spreads related keywords across the Web and promotes the posts through various social networking sites. This is done with the help of numerous binary components, one tailored to each site, according to security researchers at Trend Micro.

A former aide of ruling Grand National Party lawmaker Choi Gu-sik has confessed to charges of hacking into the National Election Commission website on the day of the October by-election.
According to the National Police Agency, the suspect, identified by his surname “Gong,” took sole responsibility for carrying out a distributed denial of service, or DDoS, attack on the website, adding that he was NOT ordered to do so by any high-ranking officials.
He confessed that he wanted to help the GNP win the Seoul mayoral race and thought the best way to do so was to hack into the site to keep young voters from voting for the opposition candidate, Park Won-soon.
The cyber attack on election day made information on voting locations inaccessible.

Analysis: The FBI just took down a criminal botnet that hijacked more than 4 million PCs worldwide. Is your PC among those haunted by Ghost Click?

Yeah, I know: you just can’t get enough news about Herman Cain, Joe Paterno, and that aircraft carrier-sized asteroid that just went whizzing by our planet. But you may have missed a story that is in many ways more important: Operation Ghost Click.

Earlier this week the FBI and international law authorities took down the biggest criminal botnet yet – some 4 million zombie PCs, all controlled by a band of Estonian cyber thieves doing business as an allegedly legitimate company called Rove Digital (no relation to Karl).

Rove performed all kinds of digital malfeasance — including the sale of fake antivirus software, distribution of malware, replacing legitimate ads on Web sites with their own, and generating fake clicks to pull in ad revenue – while pretending to be a real IT firm.

They did it by distributing malware that took over the Domain Name System (DNS) settings on PCs and network routers. DNS servers translate host names (like www.itworld.com) into IP addresses (like 66.77.79.139) that Internet routers can work with. Change the DNS answer so that a legitimate name resolves to an illegitimate IP address, and you can do all kinds of nasty things to the computers that try to visit that Web site.

To maximize their reach, Rove hijacked popular sites like iTunes, Netflix, and IRS.gov. The FBI estimates they made at least $14 million through these deeds. But that’s only the money they could find. The actual proceeds are likely an order of magnitude higher.

The Feds estimate that 500,000 of the zombie PCs were located in the US, affecting everyone from individuals to government agencies like NASA.

(I’m pretty sure that at one time I had a computer that was infected with this particular type of malware, known as DNSChanger. I used to get some insanely strange redirects – like typing Facebook.com into my browser and getting sent to Yahoo instead. Fortunately, that machine has since passed on to the great digital boneyard in the sky.)

How do you know if your machine is one of them? TrendMicro, which aided the FBI in its investigation and had been tracking the activities of Rove and its assorted subsidiaries for more than five years, offers some tips in its CounterMeasures blog.

First, you’ll need to determine the IP address of your DNS server. And yes, it affects Macs as well as Windows machines, so Apple fanboys should pay heed as well. Per TrendMicro’s Rik Ferguson:

On a PC, open the Start menu by clicking the Start button or the Windows icon in the lower left of your screen, in the Search box type “cmd” and hit return (for Windows 95 users, select “Start”, then “Run”). This should open a black window with white text. In this window type “ipconfig /all” and hit return. Look for the entry that reads “DNS Servers” and note down the numeric addresses that are listed there.

On a Mac … click on the Apple icon in the top left of your screen and select “System Preferences”; from the Preferences panel select the “Network” icon. Once this window opens, select the currently active network connection in the left column and over on the right select the DNS tab. Note down the addresses of the DNS servers that your computer is configured to use.

You’ll then need to plug that IP address into the FBI’s online database of compromised DNS settings to find out if yours is among them. If it is (unlucky you), the Feds would like you to fill out a victim’s report. You’ll then need to do a virus scan to find and destroy the malware, then contact your ISP to restore the correct DNS settings.
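The manual steps above (read the configured resolvers off the machine, then compare them with a list of known-bad ranges) are easy to automate for a fleet, which is what an administrator checking many PCs and Macs would do. The script below is an added example written for this digest, not Trend Micro's or the FBI's tool. The `ipconfig /all` and `scutil --dns` excerpts are constructed, and the suspect ranges are RFC 5737 documentation addresses standing in as placeholders for the rogue resolver ranges the FBI published; substitute the real list before using it.

```python
import ipaddress
import re

# Placeholder ranges (RFC 5737 documentation space) standing in for the rogue
# resolver ranges published by the FBI; the real list is not reproduced here.
SUSPECT_RANGES = [
    ipaddress.ip_network("198.51.100.0/24"),
    ipaddress.ip_network("203.0.113.0/24"),
]

# Constructed excerpt of Windows `ipconfig /all` output. Note that a second
# DNS server is printed on an indented continuation line with no label.
IPCONFIG_SAMPLE = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : WORKSTATION
   Primary Dns Suffix  . . . . . . . :

Ethernet adapter Local Area Connection:

   IPv4 Address. . . . . . . . . . . : 192.168.1.20
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 198.51.100.7
                                       192.0.2.53
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

# Constructed excerpt of macOS `scutil --dns` output, the command-line
# counterpart of the DNS tab in the Network preference pane.
SCUTIL_SAMPLE = """\
DNS configuration

resolver #1
  nameserver[0] : 198.51.100.7
  nameserver[1] : 192.0.2.53
  if_index : 4 (en0)
"""


def _addresses(text):
    """Return every whitespace-separated token in text that parses as an IP address."""
    found = []
    for token in text.split():
        token = token.split("%", 1)[0]      # drop IPv6 zone ids such as %1
        try:
            found.append(ipaddress.ip_address(token))
        except ValueError:
            continue
    return found


def parse_ipconfig(text):
    """Collect the DNS Servers field, including its indented continuation lines."""
    servers, in_block = [], False
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.startswith("DNS Servers"):
            in_block = True
            parts = stripped.split(":", 1)  # first colon is the label separator
            if len(parts) == 2:
                servers.extend(_addresses(parts[1]))
        elif in_block:
            # A blank line or a new labelled field ("Label . . : value") ends
            # the block; a bare address on a continuation line has no " :".
            if not stripped or re.search(r"\s:", stripped):
                in_block = False
            else:
                servers.extend(_addresses(stripped))
    return servers


def parse_scutil(text):
    """Collect nameserver[N] entries from `scutil --dns` output."""
    return [addr for m in re.finditer(r"nameserver\[\d+\]\s*:\s*(\S+)", text)
            for addr in _addresses(m.group(1))]


def flag_servers(servers, ranges=SUSPECT_RANGES):
    """Return the configured resolvers that fall inside a suspect range."""
    return [str(s) for s in servers if any(s in net for net in ranges)]


if __name__ == "__main__":
    for label, servers in (("Windows", parse_ipconfig(IPCONFIG_SAMPLE)),
                           ("macOS", parse_scutil(SCUTIL_SAMPLE))):
        flagged = flag_servers(servers)
        print(f"{label}: resolvers={[str(s) for s in servers]} flagged={flagged}")
        if flagged:
            print("  -> check these against the FBI database and file a victim report")
```

On the constructed samples both machines resolve through 198.51.100.7, which sits inside the placeholder suspect range, so the script flags it and leaves 192.0.2.53 alone. A flagged resolver is the cue for the remaining steps in the article: confirm it in the FBI database, scan the machine, and have the ISP restore the correct DNS settings. Remember that the article also mentions routers: a clean PC pointed at a hijacked router will still show a rogue resolver here, so check the router's DNS configuration too.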

You can do a quick (and free) online virus scan at Trend Micro’s HouseCall service or PC Pitstop.

For my money, keeping cyber criminals out of my PC (and my life) is more important than who’s running for president or coaching Penn State. As for Asteroid Armageddon? Well, maybe not.

Aggressive action by large IT infrastructure and platform providers helped drive down the volume of phishing attacks over the past summer, but new threats continue to emerge and grow, according to recent threat trend reports.

“It does feel like squeezing a balloon,” said Lars Harvey, CEO of Internet Identity. “The problem is really big and we don’t have that many resources fighting against it.”

But the trend by large stakeholders such as Microsoft and Google of going after bad actors is encouraging, Harvey said. “We’re trying to get control of our infrastructure.”