G Data security update

+++ Zombies have migrated and spammers love old topics +++
14 July 2008

G Data Security Update about zombies and spam together with the figures for the last six months.

+++ Number one zombie country: Brazil
Worldwide, criminals are attempting to convert the PCs of private users and companies into so-called zombies and connect them to their botnets. The captured computers are hired out to send spam or for DDoS attacks. In the past few months Germany and Italy have given up their inglorious zombie pole position to Brazil. It was here that in the past six months, the criminals had the most PCs at their command.

++ Analyses from G Data Security Labs

+ Top five zombie countries
Brazil 10.2%
Germany 9.3%
Italy 8.9%
Turkey 8.3%
China 6.6%

+ Number of active zombies: between 5 and 10 million zombies participate daily in virus distribution.

+ Number of new infections: between 200,000 and 500,000 (average: 360,000)


+++++++++++++++++++++++++++
+++ Spam once again has a spring in its step +++

The usual business areas have hardly changed in the past few months. Still at number one: spam promising an alleged increase in sexual prowess. Nearly all spam in this category is aimed at male recipients.

+ The most frequent spam:
Increase in sexual performance 30 %
Drugs 22 %
Replicas 21 %
Academic titles 5 %


Many recipients still consider the proportion of pornographic spam to be extremely high - analyses by G Data Security Labs could not, however, provide any proof of this.
On average, the proportion of pornographic spam accounted for only 3 percent over the last six months.

+ Current prices for sending spam: the price for sending 20 million spam emails has fallen slightly and currently stands at some 290 EUR (450 USD). At the start of the year, the price for this criminal service stood at the equivalent of 350 EUR.

+ Forwarding functions very popular with spammers
To circumvent spam filters, spammers are falling back on well-known and trustworthy websites. To do this they use, for example, the forwarding functions of Google, Yahoo and other sites. Users and spam filters are thus deceived into believing that a trustworthy page is being called up.

A similar approach is followed with images and websites: they are hosted on popular portals such as Flickr or Blogspot. Reputation-based detection technologies are thus outwitted.
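
One way a filter can counter the forwarding trick described above is to rate a link by the host it finally reaches instead of the site that forwards to it. The following is an added example, not G Data's code; the parameter names, the host names and the `classify` helper are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qsl

# Assumption: parameter names that commonly carry a forwarding target.
REDIRECT_PARAMS = {"url", "q", "u", "redirect", "dest", "target"}
MAX_HOPS = 5  # unwrap nested forwarders up to this depth

def host_of(url):
    """Lower-cased host of a URL, or '' if it cannot be parsed."""
    try:
        return (urlsplit(url).hostname or "").lower()
    except ValueError:
        return ""

def embedded_target(url):
    """Return an absolute http(s) URL carried in a forwarding parameter, or None."""
    try:
        pairs = parse_qsl(urlsplit(url).query)  # percent-decodes the values
    except ValueError:
        return None
    for name, value in pairs:
        if name.lower() in REDIRECT_PARAMS and host_of(value):
            if value.lower().startswith(("http://", "https://")):
                return value
    return None

def effective_host(url):
    """Unwrap forwarding links offline and return the host finally reached."""
    for _ in range(MAX_HOPS):
        inner = embedded_target(url)
        if inner is None:
            break
        url = inner
    return host_of(url)

def classify(url, trusted, blocked):
    """Rate a link by its final destination, not by the site that forwards to it."""
    first, final = host_of(url), effective_host(url)
    if final in blocked:
        return "block"
    if first != final:
        return "review"  # well-known site used as a wrapper for another host
    return "allow" if final in trusted else "unknown"

# Constructed sample data; all host names are placeholders.
TRUSTED = {"search.example", "portal.example"}
BLOCKED = {"pills.example"}
SAMPLE = "http://search.example/url?q=http%3A%2F%2Fpills.example%2Fbuy"
```

A `review` verdict marks the point where a filter would run its reputation lookup against the final host rather than the forwarding site.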

+++++++++++++++++++++++++++

+++ G Data Security Warning: Cyber criminals are still relying on Google +++

Using a new scam, internet criminals are currently trying to raise their number of hits to spread their malware.

Under the pretence that a debit for payment of advert pop-ups has failed, potential victims are invited to a false login page. Here they are requested to enter their access data for the Google AdWords system. Once again the fraud site is hosted in China.

With the stolen access data, the cyber criminals can switch on adverts within Google at the expense of the victim which, if certain keywords are input, are displayed in prominent positions alongside the search results.

These adverts then link to websites, which can infect further victim computers using the so-called drive-by-download technique (infection of the computer simply by "driving by").

By skilful selection of popular search terms, the attackers thus get an attractive option for far-reaching anonymous distribution of their malware.

This current example clearly demonstrates that cyber criminals are no longer targeting just banking and credit card data, but are by now intercepting almost every form of personal access data.
Users should be particularly careful with emails that request the input of access data. In addition, an HTTP filter should always be active when surfing, so that both phishing pages and malware-distributing sites can be detected early.

Text of an intercepted phishing mail:

Subject: Account Reactivation


Dear Advertiser,

We were unable to process your payment.
Your ads will be suspended soon unless we can process your payment.
To prevent your ads from being suspended, please update your payment information.

Please sign in
to your account at adwords.google.com/XXXXXXXXXXXXX
and update your payment information.
(Link changed by G Data.)

We look forward to providing you with the most effective advertising available.
Thank you for advertising with Google AdWords.
----------------------------------
The Google AdWords Team ----------------------------------------