News|Smart money?

David
Kaspersky Lab Expert
Posted May 20, 11:19  GMT
Tags: Electronic Payments

The BBC today reported the announcement of the first UK 'mobile wallet', allowing people to pay for things using their mobile phone.

It sounds very convenient. I use my mobile phone for so many other things these days - why not as an alternative to cash? And on the face of it, isn't this just an extension of the same concept behind the Oyster Card? For those not familiar with the Oyster Card, it's an alternative to buying tickets to travel across London. You use a card instead: you put credit on the card at your convenience and the cost of the trip is debited automatically when you travel.

There's a key difference of course. If I lose my Oyster Card my loss is limited to the credit I've put on the card. The consequences could be far more serious if it's my smartphone, since someone could get access to my entire online identity. If my phone is my wallet too, it becomes even more of a target - to real-world criminals as well as cybercriminals.

We know from experience that convenience typically wins out over security. Keep watching.


Project|Malware Calendar Wallpaper for May 2011

David
Kaspersky Lab Expert
Posted April 29, 08:53  GMT
Tags: History of Malware

Here's the latest of our malware wallpaper calendars.


1280x800 | 1680x1050 | 1920x1200 | 2560x1600

One of this month's highlighted malware incidents is the Morris worm. This worm was released on 2 November 1988 and by the following day was causing major problems for computers on the Internet. This would be nothing out of the ordinary in today's world. But it certainly was then. The worm quickly infected about 10 per cent of all computers connected to the Internet and, due to a programming error, made them unstable. Of course, in 1988 the Internet was made up of only 6,000 or so computers - it was an esoteric system used almost exclusively by government and academic institutions. So the Internet worm’s time had not yet come. But even so, the Morris worm was one of the first warnings of the importance of applying security patches in a timely fashion.


Project|Malware Calendar Wallpaper for April 2011

David
Kaspersky Lab Expert
Posted April 06, 14:36  GMT
Tags: History of Malware

Here's the latest of our malware wallpaper calendars.


1280x800 | 1680x1050 | 1920x1200 | 2560x1600

This month's calendar highlights the use of malware for a range of cybercriminal activities. These include the use of a keylogger to steal data directly from individuals, the hacking of a business in order to acquire customer financial details and the use of a Trojan to conduct industrial espionage.


Project|Malware Calendar Wallpaper for March 2011

David
Kaspersky Lab Expert
Posted February 28, 12:46  GMT
Tags: History of Malware

Here's the latest of our malware wallpaper calendars.


1280x800 | 1680x1050 | 1920x1200 | 2560x1600

This month we've highlighted some malware-related dates for the month of March, including the well-known trigger date of the Michelangelo virus. I remember well that the real-world triggers in 1992 were very few in number - certainly out of all proportion with some of the dire warnings we saw in the media in the run-up to 6 March.


Project|Malware Calendar Wallpaper for February 2011 [updated]

David
Kaspersky Lab Expert
Posted January 31, 10:54  GMT
Tags: History of Malware

In January we published the first of our malware wallpaper calendars. Here's the latest wallpaper.


1280x800 | 1680x1050 | 1920x1200 | 2560x1600

We hope you'll find it eye-catching and that it gives you the chance to see at a glance some of the significant malware-related events from the past.


Project|Malware Calendar Wallpaper for January 2011

David
Kaspersky Lab Expert
Posted December 31, 15:39  GMT
Tags: History of Malware

We'd like to wish all our readers a very happy New Year and offer you a small gift – a selection of wallpaper calendars with the dates of the most significant events in the history of the IT security industry.

Right now you can install wallpaper dedicated to past events that occurred in the month of January. Throughout 2011 you will be able to download different wallpaper for each month.


1280x800 | 1680x1050 | 1920x1200 | 2560x1600

As well as being a pleasant background for your desktop we hope that our wallpaper will help you recall the key events and epidemics in the history of IT security. And hopefully such things won’t affect you in future, even if they did in the past.


Incidents|Oops they did it again!

David
Kaspersky Lab Expert
Posted August 10, 15:56  GMT
Tags: Malware Creators

It seems the BBC has been dabbling in the world of malware ... again. They have reported that they have created a smartphone application that is also able to spy on the activities of the person using a compromised handset.

Readers of the blog may remember that the Beeb has something of a history in this area. They raised eyebrows in March 2009 when they 'acquired' a botnet. Shortly after this they also bought personal information, including credit card numbers, from a 'broker' of such data in India.

There's no question of any law having been infringed here - the BBC has not distributed the application. However, we believe its actions to be unethical and unwise. There's enough bad stuff out there without good guys developing their own malicious, or potentially malicious, code - as Denis's blog testifies.


Opinions|Too many passwords?

David
Kaspersky Lab Expert
Posted March 03, 14:06  GMT
Tags: Passwords

How many web sites do you log into? Your bank? Facebook, Myspace and any number of other social networking sites? Auction sites? Shopping sites? Maybe lots of others too. Every site, of course, requires you to create a password. And if the site is serious about security, it may even set certain rules. For example, it may insist that your password is at least eight characters, or must contain non-alpha-numeric characters, or must use at least one uppercase letter, etc.

The problem is, with so many online accounts, how do you remember a unique password for each one? We all know that it's unwise to use the same password for them all. And it's not much better simply to recycle them - e.g. 'david1', 'david2', 'david3', etc.

There is a solution. Instead of trying to remember individual passwords, start with a fixed component and then apply a simple scrambling formula. Here's an example: start with the name of the online resource, let's say 'mybank'. Then apply your formula: e.g.

1. Capitalize the fourth character.
2. Move the second last character to the front.
3. Add a chosen number after the second character.
4. Add a chosen non-alphanumeric character to the end.

This would give you a password of 'n1mybAk;'.

There is an alternative method too. Instead of using the name of the online resource as the fixed component, create your own passphrase and use the first letter of each word. So if your passphrase is 'the quick brown fox jumps over the lazy dog' the fixed component of each password starts out as 'tqbfjotld'. Then apply your four-step rule.

Using either of these methods gives you a unique password for each online account, but all you have to remember is the same four steps each time.
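The four-step formula and the passphrase variant, written out as an added Python example (not code from the original post), with a check against the site rules mentioned at the start of the post. The function names, the sample site names and the `insert_after` parameter are assumptions made for illustration: step 3 as listed corresponds to `insert_after=2`, while the result printed in the post, 'n1mybAk;', is obtained with `insert_after=1`.

```python
import string

def scramble(base, digit="1", symbol=";", insert_after=2):
    """Apply the post's four steps to a fixed component such as 'mybank'."""
    if len(base) < 4:
        raise ValueError("fixed component needs at least four characters")
    chars = list(base)
    chars[3] = chars[3].upper()          # 1. capitalize the fourth character
    chars.insert(0, chars.pop(-2))       # 2. move the second-last character to the front
    chars.insert(insert_after, digit)    # 3. add the chosen number (position is an assumption)
    chars.append(symbol)                 # 4. add the chosen non-alphanumeric character
    return "".join(chars)

def initials(passphrase):
    """Fixed component for the alternative method: first letter of each word."""
    return "".join(word[0] for word in passphrase.split())

def failed_rules(password, min_length=8):
    """Return which of the site rules quoted in the post the password misses."""
    failed = []
    if len(password) < min_length:
        failed.append("length")
    if not any(c.isupper() for c in password):
        failed.append("uppercase")
    if not any(c in string.punctuation for c in password):
        failed.append("non-alphanumeric")
    return failed

if __name__ == "__main__":
    # Constructed site names; "shop" and "web2go" are edge cases.
    for name in ["mybank", "shop", "web2go"]:
        pw = scramble(name)
        print(name, pw, failed_rules(pw) or "ok")
    print(scramble(initials("the quick brown fox jumps over the lazy dog")))
```

The two constructed edge cases show where the formula's output misses a site rule: a four-letter name yields only six characters, and a digit in fourth position leaves no uppercase letter.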

Passwords aren't the only case in which humans can prove to be the weakest link in security. Finding ways to 'patch' our human resources is every bit as important as applying security updates to computers. Click here for further discussion of the human dimension in Internet security.


Opinions|The 12 scams of Christmas

David
Kaspersky Lab Expert
Posted December 21, 17:58  GMT
Tags: Spam Statistics

My colleague Tanya has just posted over on our Russian site about losses caused by Internet fraudsters in England and Wales. If you want to practice your Russian, hop over there, and take a look!

Even though we're a Russian company, we know that most people in the UK (including me!) prefer to get their news in English. So here are a few facts and figures:

In a recent statement, the Office of Fair Trading estimated that losses caused by Internet fraud amounted to £14 billion per year. That's a lot of money! It's also a lot of victims!

The OFT statement quotes research carried out by the University of Portsmouth, commissioned by ACPO (Association of Chief Police Officers) and NRA (National Fraud Authority):


  • 70,000 people fell victim to a single Nigerian e-mail scam
  • 38,000 people a year fall victim to fake prize draws
  • 10,000 people a year fall victim to investment scams
  • 14,000 people a year fall victim to fake lotteries

The report indicates that many people are reluctant to report fraud of this kind - because they're ashamed, embarrassed, angry or simply confused.

The first thing to remember is that you should be very, very wary of 'get-rich-quick' schemes: if something looks too good to be true, it almost certainly is! Please don't hand over money to complete strangers and avoid disclosing any personal information unless you know exactly who you're dealing with. The NRA gives a helpful list of the '12 scams of Christmas' so if you're in any doubt, check this list out.

If you do fall victim to an Internet scam, please do report it - you can do that here. Nobody's going to judge you - on the contrary, the more reports are made, the better we can quantify the threat! Remember, we can't begin to really manage the problem of Internet fraud and cybercrime unless we can measure it effectively.


Events|Patching our children

David
Kaspersky Lab Expert
Posted December 08, 08:39  GMT
Tags: Campaigns

Today the UK Council on Child Internet Safety [UKCCIS] is launching its Child Internet Safety Strategy. The strategy is designed to encourage children not to disclose personal information, to block unwanted messages on social networks and to report inappropriate behaviour.

As part of the strategy, Internet safety will be made a compulsory part of the National Curriculum for children aged five upwards. There will also be a new digital code for Internet safety.

UKCCIS is also launching its 'Click Clever, Click Safe' public awareness campaign.

It's good to see government lending some weight to education of young people. Cybercriminals so often try to exploit human weaknesses. And I believe that finding ways to 'patch' our human resources is every bit as important as securing our computing devices. Education isn't a quick fix. It's a bit like housework - we know it's essential if we want to live comfortably, and we know that it has to be done regularly. And exactly the same goes for education throughout our lives.
