As anti-spam tools and e-mail users become more sophisticated, spammers are turning to new mediums to get their unwelcome messages through filters and into inboxes. One of the more recent developments is spam with attached MP3 files. One security software vendor, MXSweep, is reporting that MP3 spam now accounts for between 7 and 10 percent of all spam being sent.
The files are given innocuous-sounding names like elvis.mp3, oursong.mp3, smashingpumpkins.mp3, or coolringtone.mp3. The payload is disappointing: a voice recording touting the virtues of some corporate stock; in other words, it’s pump-and-dump stock spam in a new format. It’s also a dumb idea. The overlap of those gullible enough to click on MP3 files of unknown provenance and those willing and able to invest in a stock that they’ve never heard of is certainly minute. It’s bound to be more of an annoyance than anything else and seems unlikely to result in the desired stock purchases.
Attachment spam can be easily filtered, but the sheer size of the messages can cause headaches. The MP3 files currently used run from 85KB to 147KB, according to MXSweep. “Although these emails now account for 8 percent of current traffic they consume up to 55 percent of e-mail bandwidth use, which in business terms is a huge additional cost,” said Danny Jenkins, CTO and founder of MXSweep.
So far, security researchers haven’t identified any malicious payloads in any of the MP3 stock spam messages, so the biggest headache will be configuring spam filters to stop the MP3 message from hitting inboxes. That should be fairly easy for corporate IT departments who aren’t already stopping e-mails with audio attachments. If your e-mail client supports rules-based filtering, simply set it to flag and delete messages with MP3 attachments.
The Federal Trade Commission believes legislation such as the CAN-SPAM Act and some high-profile convictions are making a difference, but spammers have responded by moving more of their operations offshore, going deeper underground, and coming up with new means of getting their unwelcome messages into inboxes.
Naturally, once countermeasures against MP3 spam are widely in place, spammers will move on to another payload. That’s why we’re facing MP3 spam now: anti-spam tools have become adept at dealing with image spam (e.g., GIF and JPEG images attached to a message), PDF spam, and Excel spam. Just a few months ago, PDF spam accounted for nearly 20 percent of all image spam; that number has since plummeted to under 1 percent, according to e-mail security company Proofpoint. Image-based spam has also plummeted to 2.23 percent of all messages as of the end of September.
Read the rest of this entry »
Posted in Internet, Security | 1 Comment »
Though almost everything Google touches seems to turn to gold, there is one project that never quite became ubiquitous (at least here in the U.S.). Orkut may have found a following in Brazil and Asia, but I don’t know anyone who uses the service. As Erick Schonfeld reports in TechCrunch, that may be about to change.
Known internally as Maka-Maka, the project will provide a means for all of Google’s existing applications to work together within a social-networking landscape. Google is also building a series of APIs that will allow developers to integrate their own applications into the Google universe.
Schonfeld describes the Google initiative as an attempt to “‘out-open’ Facebook” and predicts that the APIs will roll out for Orkut and iGoogle before percolating down through the Google universe.
All eyes will be on Google, but don’t expect anything too earth-shattering straight out of the gate. Many of these apps will be copycats of what is already available on Facebook (just as the very first apps on Facebook were ported over from other parts of the Web). This first go-round, Google will just be trying to match Facebook’s ante. Remember, even on Facebook, the best apps didn’t emerge on Day One. And now Facebook has a six-month lead.
Given that Orkut seems to have already lost the battle for social network supremacy, I have doubts that a barrage of borrowed Facebook apps will inspire anyone to switch. But if other Google properties begin to incorporate social-networking elements, then it seems like Google may succeed, if only through its near-complete Web saturation.
As I see it, the biggest shortcoming of social-networking sites is their inability to play well with others. Between MySpace, Facebook, LinkedIn, Tribe, Pownce, and the numerous also-rans, it seems as if maintaining an active presence at all of these sites could erode into becoming a full-time job. If Google can somehow create a means for all of these services to work together, and seamlessly interact with the Google family, then perhaps this is the killer app that people don’t even realize they’ve been waiting for.
On the other hand, if Google delivers a platform that simply mimics Facebook, while opening up the API just a little bit further, I have doubts that it’ll go anywhere. The business of social networking has been a bit of an enigma for many of the larger companies. Whereas Friendster, MySpace, and Facebook were practically born in dorm rooms and garages, their success has dwarfed anything that Yahoo or Google have been able to accomplish. Perhaps that’s all about to change, but amongst each segment of the population, there is usually only room for one social-networking portal, and Google will have a rough road ahead of it trying to convince kids, teens, and adults alike that this spot should belong to Google.
Read the rest of this entry »
Posted in Google, Ideas, Internet, Web 2.0 | No Comments »
McAfee announced plans on Tuesday to acquire ScanAlert in deal worth approximately $51 million in cash.
And what is McAfee looking to get for its money? For starters, it’ll snap up ScanAlert’s Hacker Safe Web site security certification service, bolster its own SiteAdvisor security-rating system, and become the keeper of ScanAlert’s proverbial “good housekeeping” seal for sites seeking to reassure customers that they are conducting safe online transactions.
The acquisition, expected to close in the first quarter, calls for integrating ScanAlert’s e-commerce security certification service into McAfee’s SiteAdvisor system. McAfee last year acquired SiteAdvisor, which informs users about the safety of their returned search results, estimating the likelihood that a site could potentially infect their computer with spyware, spam, or a browser attack.
ScanAlert issues a Hacker Safe certification to Web sites that have undergone its scanning service for vulnerabilities, as well as demonstrating that they have been fixed. The sites also need to undergo daily scans by ScanAlert, in order to maintain their Hacker Safe stamp of approval.
The Hacker Safe certification will be visible through SiteAdvisor, once the acquisition is completed, and the technologies are integrated.
Security fears have resulted in consumers delaying their online-shopping decisions and transactions by more than half a day, according to ScanAlert’s own research.
Those concerns are nothing new. Two years ago, a fourth of online shoppers reduced their purchases, as fear over identity theft soared, according to a report by RSA Security.
E-commerce site operators, as a result, have been particularly interested in trying various techniques to boost the security of their sites.
As part of the McAfee deal, ScanAlert may see its overall acquisition price jump by another $24 million, should it hit certain performance targets.
The company has 8,000 customers, who represent more than 75,000 Web sites. Those customers include Toshiba, Warner Bros., and the American Red Cross.
Read the rest of this entry »
Posted in Acquisitions, General, Security | No Comments »
