[2263] in Security FYI
[IS&T Security-FYI] SFYI Newsletter, April 26, 2010
daemon@ATHENA.MIT.EDU (Monique Yeaton)
Mon Apr 26 13:10:22 2010
Message-Id: <304EF8B6-0973-4F11-9959-76FBD5545A19@mit.edu>
From: Monique Yeaton <myeaton@mit.edu>
To: ist-security-fyi@mit.edu
Date: Mon, 26 Apr 2010 13:09:26 -0400
Cc: itss@mit.edu
In this issue:
1. DHS Secretary Visits MIT
2. Highlights from Q1 Report on Internet Threat Trends
3. Google's Gmail Most Abused Email Address?
-----------------------------------
1. DHS Secretary Visits MIT
-----------------------------------
On April 16th, the US Department of Homeland Security (DHS) Secretary
Janet Napolitano attended a roundtable discussion with university
leaders hosted by MIT President Susan Hockfield. The meeting focussed
on ways DHS can engage the talents of instructors and students,
particularly in the fields of cyber security and science and
technology research.
This story is covered here:
<http://web.mit.edu/newsoffice/2010/napolitano-mit-0416.html>
<http://boston.bizjournals.com/boston/stories/2010/04/12/daily59.html>
Earlier this year the DHS Secretary announced the federal government
is stepping up its efforts to protect the US against increasingly
sophisticated cyber attacks. The goal is to protect cyber space,
making it safe and secure by encouraging cyber security knowledge and
innovation.
Read this story on VentureBeat.com: <http://bit.ly/c4ndh3>
----------------------------------------------------------------------
2. Highlights from Q1 Report on Internet Threat Trends
----------------------------------------------------------------------
The quarterly report from CommTouch analyzes spam and phishing trends.
Some highlights from the 1st Quarter report:
- 183 billion spam/phishing emails are sent daily on average worldwide
  (based on spam being assessed at 83% of 220 billion emails sent
  worldwide each day)
- 81% of spam is pharmacy ads, maintaining last quarter's average (5 to
  10% of spam comes from gmail.com accounts - see details in the next
  story below)
- The category of websites most likely to host malware is pornography
  sites
- An average of 305,000 new zombies are activated daily to carry out
  malicious activity (like sending malware and spam). This number is
  slightly lower than the 312,000 from the previous quarter.
You can download a copy of the report from the CommTouch website
(http://www.commtouch.com/).
------------------------------------------------------------
3. Google's Gmail Most Abused Email Address?
------------------------------------------------------------
Google is investigating the many Gmail accounts being hijacked and
used to send pharmaceutical spam. The problem has recently escalated,
with hackers breaking into legitimate Gmail accounts and then using
them to send spam messages.
Full story here:
<http://www.computerworld.com/s/article/9175857/Drug_dealing_spammers_hit_Gmail_accounts>
However, this investigation does not take into account all the faked
email addresses being used to send spam. If the CommTouch report from
the previous article is accurate, most of the spam is NOT coming from
Gmail at all, but is only pretending to come from Gmail accounts.
According to that Q1 Report, CommTouch monitored the domains that are
used by spammers in the "from" field of those emails. They are
typically faked in order to fool anti-spam systems and spam
recipients. The domain most faked is gmail.com, Google's email domain.
The Q1 report analyzed how much spam actually comes from gmail.com.
The results were surprising. Of the emails with the "from" address
showing a gmail.com address:
- 59% of email came from a genuine gmail.com account
- 41% of email came from faked gmail.com accounts
- 42% of emails were classified as spam
- 1% of spam emails were sent by a genuine gmail.com account
In other words, of the spam sent, only 1% came from a genuine
gmail.com account. The rest (99%) were from forged gmail.com accounts.
Some of that 1% could be emails sent from accounts that were
compromised by hackers.
========================================================================
Find current and older issues of Security FYI Newsletter:
<http://kb.mit.edu/confluence/x/ehBB>
Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security