
Defense in Depth

July 1, 2008 11:08 AM PDT

McAfee reports on spam in the real world

by Robert Vamosi

Taking a cue from Morgan Spurlock, who lived on fast food for 30 days in the documentary Super Size Me, McAfee gathered volunteers from around the world who, for one hour a day, would surf the Internet, signing up for various newsletters and filling in various forms. As they did so, the participants were asked to blog about their experiences.

On Tuesday, McAfee released the results of the experiment it called S.P.A.M., or Spammed Persistently All Month.

Over the course of the month, McAfee's test subjects accumulated 104,000 spam messages, or roughly 70 per day per recipient. Put another way, 87 percent of all the e-mail captured on the test laptops was considered to be spam. That isn't too surprising.

What is surprising, according to Dave Marcus, director of security research and communications for McAfee Avert Labs, is the amount of foreign language spam, with Germany and France having the highest percentage of local language spam.

Other findings include:

  • Men received more spam than women (76.6 per day vs. 60.6 per day).
  • The United States received the most total spam, followed by Brazil and Italy.
  • Nigerian scam e-mails are more popular in the United Kingdom than in the United States.

What's also interesting, at least to me, is that the McAfee results were similar to results released by Symantec. McAfee used about 50 real-world participants while Symantec used its DeepThreat Network of thousands of computers worldwide.

You can hear more of Dave Marcus' observations on the McAfee results in this week's Security Bites podcast.

June 4, 2008 10:03 AM PDT

Updated: Hotmail users getting locked out

by Robert Vamosi

As a follow-up to last week's story on Hotmail users getting locked out, the second account mentioned has been restored.

Last Wednesday, Hotmail account holder Will showed CNET an e-mail verifying that he notified Microsoft on May 2 that his Hotmail password had been changed without his knowledge. Microsoft support staff responded with the following message: "Thank you for your message to MSN and Windows Live Privacy. I understand you are having difficulties accessing your MSN Hotmail account because you believe someone has gained unauthorized access to your account. For assistance with this issue, please contact the MSN Support staff using the (following) form."

Will filled out the form, and several weeks passed. Last Wednesday, he told CNET he had received no further response from Microsoft.

Account hijacking, where someone else steals your password and then changes it to deny you access, is a problem that affects not only Hotmail, but AOL and even eBay.

In a statement to CNET, a Microsoft representative said, "We can't comment on the specifics of a particular investigation. However, we can say that attempts to hijack accounts through a variety of means (for example, phishing scams, keystroke logging, and any number of other known security threats) occur against all online proprieties on an ongoing basis. Microsoft is constantly working to help ensure the security and privacy of its customer accounts."

Once again, the Microsoft representative put the fault for the lockout on the user. "In addition, we continue to recommend that customers always exercise appropriate caution and safeguards to protect their account information online, whether for their Windows Live accounts, banking accounts, or any other accounts they have online. Microsoft provides information on online safety and security, including specific guidance on how to help protect your Windows Live ID account security."

But Microsoft didn't answer our direct question: Why did it take a month, plus intervention from CNET, to restore Will's account?

Perhaps this e-mail statement comes the closest to a possible explanation: "As an FYI, we found the original communication to Will in response to his request, but per his e-mail to you, it seems for whatever reason, he did not receive it. We appreciate you flagging the issue, as we make it a practice to respond to all customer issues in a timely manner."

February 5, 2008 1:17 PM PST

Spam continues to increase, Symantec says

by Robert Vamosi

Spam now accounts for 78.5 percent of all e-mail traffic, according to a new report from Symantec. That's up from previous months. And Europe, not the United States, can now claim to be the source of most spam.

Other notable points culled from the "State of Spam" report for February 2008 (PDF) include:

  • There was an appreciable decline of image spam during January 2008.
  • The overall file size of spam messages has also decreased.
  • Product spam, the largest category, makes up 28 percent of all spam.
  • Internet Web hosting and Web design spam makes up 23 percent.
  • Financial spam is in third place at 12 percent.
  • However, health-related spam (those Viagra e-mails) makes up a mere 6 percent.

February 4, 2008 2:01 PM PST

Yahoo IM affected by ActiveX vulnerabilities

by Robert Vamosi

On the heels of ActiveX vulnerabilities in the image uploading tools for Facebook and MySpace.com, researchers warned Monday that Yahoo Instant Messenger and Yahoo Messenger are vulnerable to ActiveX-based attacks.

Researcher Elazar Broad has disclosed a Boundary Condition vulnerability within mediagrid.dll, version 2.2.2 56. Researchers Krystian Kloskowski and Broad have disclosed a second Boundary Condition vulnerability within datagrid.dll, version 2.2.2 56c. And Kloskowski alone has disclosed a buffer overflow within datagrid.dll 2.2.2 56, which affects the AddImage function.

The three vulnerabilities are present within Yahoo Instant Messenger version 3.5 and Yahoo Messenger versions 4.0, 5.0, and 5.5, and could allow an attacker to compromise affected systems.

There are no known public exploits for these at this time. There is no patch available.

The existing workaround includes enabling the ActiveX control for each. Microsoft provides more details here. The specific CLSIDs for the ActiveX controls involved are:

Yahoo! MediaGrid: CLSID 22FD7C0A-850C-4A53-9821-0B0915C96139
Yahoo! DataGrid: CLSID 5F810AFC-BB5F-4416-BE63-E01DD117BD6C2

January 23, 2008 1:42 PM PST

BullGuard releases a free spam filter

by Robert Vamosi

On Wednesday, the Danish security company BullGuard announced it will offer its spam filter product as a free download. The BullGuard Spamfilter (download) integrates with Microsoft Outlook, Outlook Express, Windows Mail, and Mozilla Thunderbird e-mail clients. It runs on Windows 2000, XP, and Vista.

The BullGuard product relies upon fellow users to identify spam; once e-mail is marked as spam, all other Spamfilter users will no longer receive that e-mail in their in-boxes. It will be available within the spam folder instead.

According to Google's Postini, 2007 saw record spam levels, with as much as 90 percent of all e-mail traffic being unsolicited spam.

In addition to providing the free software, BullGuard is also offering Spamfilter users free, live 24-7 technical support.


About Defense in Depth

Covering computer viruses and computer crime, Robert Vamosi goes beyond the hype to provide you with expert interviews of the top security researchers, as well as offering the hands-on, nontechnical advice you'll need to stay safe online.
